Get more results when querying logs in Azure Sentinel
I just noticed this morning that one of my queries in Azure Sentinel returned 30,000 results rather than the old 10,000 it used to. Hopefully this is not a bug and will continue.
Nice shortcut in KQL to get JSON data in a dynamic column.
While looking at the SigninLogs table in Azure Sentinel I noticed there are a lot of dynamic fields that hold JSON data. I was trying to use parse_json to get to the data but it was always returning empty fields. I then realized that parse_json requires a string input, not a dynamic. After some messing […]
Ingesting Azure Sentinel Incident information into Log Analytics Part III – Using the data
Introduction In Ingesting Azure Sentinel Incident information into Log Analytics, I showed you how to create a Log Analytics workflow to ingest Azure Sentinel Incidents into a Log Analytics workspace. In Ingesting Azure Sentinel Incident information into Log Analytics Part II, I fixed some of the issues I ran into while using the instructions from […]
Azure Sentinel book coming soon
I am happy to announce that the book I have been writing with my co-worker, Richard Diver, (and I have no idea how he got top billing 😉 ) is almost finished and will be released soon. It is an introduction to Azure Sentinel and covers all the topics from planning your Log Analytics workspace […]