Using Threat Intelligence in Microsoft Sentinel to Enhance Incidents

In this article, we explore real-world automation and improvements to Sentinel Incidents. By leveraging Microsoft Sentinel Playbooks, you can streamline your SOC operations and respond to incidents faster, with the information your analysts need to make decisions. A key component of this process is the integration of Threat Intelligence (TI) to enrich incident data with critical context – before anyone opens that incident to investigate.

Posted on 7:07 am
AzureTracks.com explores using KQL to get started with threat hunting in Microsoft Sentinel. Pictured is the AI version of our Belgian Mia with some wires in her mouth while hunting for threats.

How do I Start Threat Hunting with Microsoft Sentinel?

Join me as I explore getting started with threat hunting using Microsoft Sentinel and KQL to jump-start our investigations. We will dive into a world where we look for anomalies in the data and try to identify potential threats before they can escalate within our environment.

Posted on 6:55 am
AzureTracks.com looks at Azure Arc machines and heartbeats and how Microsoft Sentinel plays a role.

Using KQL with Azure Arc Machine Status

In this post we take a look at using KQL to observe the machine status of Azure Arc managed machines. We will look at a couple of examples of how to create some helpful queries and then use those to enable monitoring in Microsoft Sentinel. As organizations adopt a more cloud-centric management model, it is becoming more common to see machines managed through Azure Arc. Our Sentinel log collectors running Azure Monitor Agent are also deployed using the Azure Arc agent, so we need to make sure we can keep tabs on our log collectors and other servers easily.

Posted on 8:00 am

Azure Updates – Number 95 – July 27, 2024

A summary update on Azure News that includes updates released by Microsoft Azure related to Azure, Architecture, Compute, and Sentinel topics. Every update is linked to its original Microsoft Azure, Microsoft Sentinel or other blog source. Hopefully this will save you some time digging around to find recent releases and changes.

Posted on 10:41 am
AzureTracks.com using Microsoft Sentinel and Azure Dashboard together to create reporting dashboards.

Using Azure Dashboard with Sentinel

In this post, I explore using Azure Dashboard to help summarize Sentinel reporting and to provide an enhanced method for non-technical users to understand the current incidents in Microsoft Sentinel. We will look at creating Azure Dashboards, KQL queries, displaying data in a meaningful way, and how to grant users permission to see the dashboard.

Posted on 7:00 am