Another blog to help expand Security Knowledge
UPDATE: It appears that Microsoft has removed this from Workbooks, at least for the time being. It may be that it is not ready for release yet or it could be that it was re-enabled by accident. Hopefully it will show up again since I can see this being quite useful. Overview While working on […]
Introduction Wow! Just realized it has been half a year since I have posted anything new. Sorry about that. Well, this one is worth it. A brand-new update to the Export-AzSentinelConfigurationToWord.ps1 program that I wrote a long, long time ago. It uses PowerShell to display a nice GUI so that you can easily enter the […]
Introduction In my last blog post I compared using Microsoft Graph with the Microsoft Sentinel REST APIs. If you have your Microsoft Sentinel hooked up with Microsoft Defender, I recommend using the Microsoft Graph as much as possible. It appears that Microsoft will be pushing more and more to the Graph, so it makes sense […]
Introduction If you have connected your Microsoft Sentinel instance to your Microsoft Defender instance (and if not, why not?), you know that the same incidents and alerts will show up in both instances. You can use either the Microsoft Sentinel REST API or the MS Graph to get the data. So, which one should it […]
If you work as a developer or in operations, you most likely have heard about DevOps. If not, I suggest reading “The Phoenix Project“. It is a great book that tells a story about a company working their way to a DevOps mindset. While I love that book (I have read it 2x and listened […]
Introduction This is a program I have been wanting to write for quite some time. It is the number 1 most requested feature from the community at large for Microsoft Sentinel, although I cannot find the URL right now. I have spoken with the development team and, at least at the time I spoke with […]
I am going to start blogging about different topics than just Microsoft Sentinel. As you probably know, Microsoft Sentinel can (and should) be integrated with the Defender portal (security.microsoft.com), aka unified portal, so I will be expanding my focus a bit. Don’t worry, I still love Microsoft Sentinel. There will still be some general security […]
Introduction In my last post, I talked about how to get a single (or a few) entries from a Microsoft Sentinel watchlist. I introduced the fact that watchlists are stored in the “Watchlist” table. We can use this to perform cross workspace queries. _GetWatchlist Again, in my last blog post, I talked about the “_GetWatchlist” […]
Introduction 19 Jan 2024 UPDATE: I have posted this same information (not quite as detailed) in the Microsoft Sentinel blog at Querying Watchlists – Microsoft Community Hub however, it does have a section on “bag_unpack” and the best way to use it. As I am sure you already know, you can get the entries from […]
I have finally finished the first version of my “Programming Microsoft Sentinel using REST APIs” EBook is ready to go. You can download it from: garybushey/ProgrammingMicrosoftSentinel: Programming Microsoft Sentinel book (github.com) Let me know what you think. Can you easily follow it? Are the examples (both in the descriptions and use cases) useful and easy […]
