Another blog to help expand Security Knowledge
Introduction Update: Microsoft Sentinel now has the ability to trigger a playbook when an incident has been updated so this blog post is obsolete! If you are like me, you feel that one of the holes in Microsoft Sentinel is knowing when something changes. I am hoping that this changes soon (pun intended). In the […]
If you have read either version of my book, I sent you to a URL that uses the Azure Data Explorer to play around with the KQL queries. Rod Trent just posted a blog at Create and Maintain Your Own KQL Demo Environment with the New Start-for-free Cluster – Azure Cloud & AI Domain Blog […]
I just noticed this morning that one of my queries in Azure Sentinel returned 30,000 results rather than the old 10,000 it used to. Hopefully this is not a bug and will continue.
While looking at the SigninLogs table in Azure Sentinel I noticed there are a lot of dynamic fields that hold JSON data. I was trying to use parse_json to get to the data but it was always returning empty fields. I then realized that parse_json requires a string input, not a dynamic. After some messing […]
Introduction In Ingesting Azure Sentinel Incident information into Log Analytics, I showed you how to create a Log Analytics workflow to ingest Azure Sentinel Incidents into a Log Analytics workspace. In Ingesting Azure Sentinel Incident information into Log Analytics Part II, I fixed some of the issues I ran into while using the instructions from […]
Introduction This is a continuation of the post Ingesting Azure Sentinel Incident information into Log Analytics. There are a few things that I want to clarify/rectify in it. I was working on the output from my last post to make a useful workbook from it and noticed a few things. Misspelling I misspelled “severity” when […]
I am happy to announce that the book I have been writing with my co-worker, Richard Diver, (and I have no idea how he got top billing 😉 ) is almost finished and will be released soon. It is an introduction to Azure Sentinel and covers all the topics from planning your Log Analytics workspace […]
Introduction Microsoft is making great strides and making Azure Sentinel one of the best SIEM products out there. One way they do this is to allow other Azure security products to forward their alerts into Azure Sentinel to make a one-stop-shop kind of experience. While this is great, one feature that, IMHO, is lacking is […]