AzureTracks

Microsoft Sentinel - Fetch Threat Intelligence & Have updated incident information before a human opens the investigations.

Using Threat Intelligence in Microsoft Sentinel to Enhance Incidents

In this article, we explore real world automation and improvements to Sentinel Incidents. Leveraging Microsoft Sentinel Playbooks you can streamline your SOC security operations and respond to incidents faster and with the information your Analysts need to make decisions. A key component of this process is the integration of Threat Intelligence (TI) to enrich incident data with critical context – before anyone opens that incident to investigate.

Posted on October 17, 2024 7:07 am

Azure

Azure Updates – Number 99 – October 5, 2024

A summary update on Azure news that includes updates released from Microsoft Azure related to Azure, Architecture, Compute, Security Copilot and Sentinel topics. Save time digging around to find recent releases and changes.

Posted on October 5, 2024 9:00 am

Azure

Azure Updates – Number 98 – Sept 21, 2024

Posted on September 21, 2024 9:21 am

Azure

Azure Updates – Number 97 – September 7, 2024

Posted on September 7, 2024 9:00 am

Azure

How to Find Users With & With-Out MFA Quickly

Wondering where to get started finding all the users in your Entra ID that do not have MFA enabled? Here’s some quick PowerShell to get you started and easily identify what users may be missed by your conditional access policies.

Posted on August 21, 2024 9:24 am

Azure

How do I Start Threat Hunting with Microsoft Sentinel?

Join me as I explore getting started with threat hunting using Microsoft Sentinel and KQL to jump-start our investigations. We will dive into a world where we look for anomalies in the data and try to identify potential threats before they can escalate within our environment.

Posted on August 15, 2024 6:55 am

Azure

Azure Updates – Number 96 – August 10, 2024

Posted on August 10, 2024 9:26 am

Arc

AzureTracks.com looks at Azure Arc machines and heartbeats and how Microsoft Sentinel plays a role.

Using KQL with Azure Arc Machine Status

In this post we take a look at using KQL to observe machine status of Azure Arc managed machines. We will look at a couple of examples of how to create some helpful queries and then using those to enable monitoring in Microsoft Sentinel. As organizations adopt a more cloud-centric management model, it is becoming more common to see machines through Azure Arc, but also our Sentinel log collectors via Azure Monitor Agent are deployed using Azure Arc agent; so we need to make sure we can keep tabs on our log collectors and other servers easily.

Posted on August 1, 2024 8:00 am

Azure

Azure Updates – Number 95 – July 27, 2024

A summary update on Azure News that includes updates released from Microsoft Azure related to Azure, Architecture, Compute, and Sentinel topics. Every update is linked to it’s original Microsoft Azure, Microsoft Sentinel or other blog source. Hopefully this will save you some time digging around to find recent releases and changes.

Posted on July 27, 2024 10:41 am

Azure

Using Azure Dashboard with Sentinel

In this post, I explore using Azure Dashboard to help summarize Sentinel reporting and to provide an enhanced method for non-technical users to understand the current incidents in Microsoft Sentinel. We will look at creating Azure Dashboards, KQL queries, displaying data in a meaningful way, and how to grant users permission to see the dashboard.

Posted on July 18, 2024 7:00 am