AzureTracks

M365 Operating Guide for Sec Ops Teams – Use with Microsoft Sentinel

When building out a SOC team, many organizations quickly realize that there are very few silos left in IT when it comes to cloud. Our SOC members need to have cloud platform skills, M365, Exchange, Active Directory, Azure Active Directory, Windows Server, REHL, and so many more skills. To say this a different way; our cloud landscape is flat, and we need members that have a wide band of skills with some specialties mixed in. This is complex to say the least, and with labour challenges in our post-covid world, we need ways to upskill our teams and build out operations manuals and tasks to support those teams.

Posted on October 25, 2022 7:30 am

Azure

Azure Updates – Number 49 – October 22, 2022

A summary update on Azure news that includes updates released from Microsoft Azure related to Azure, Architecture, Compute, and Sentinel topics. Save time digging around to find recent releases and changes. Released October 22, 2022.

Posted on October 22, 2022 10:38 am

Automation

Sentinel & Log Analytics – How to Create Incidents to Test with – Part 2 – The Automation Rule

Today, I’d like to talk about using Microsoft Sentinel and address a common question that many teams have when they are starting to work with the Sentinel SIEM/SOAR solution….Part 2 of How do I create incidents to test with? Today we look at the automation rule and how we can use it trigger our Playbook or other automation that needs to be tested.

Posted on October 18, 2022 7:35 am

Automation

Sentinel & Log Analytics – How to Create Incidents to Test with – Part 1

Posted on October 11, 2022 7:35 am

Azure

Azure Updates – Number 48 – October 8, 2022

With Microsoft Ignite 2022 coming next week – I’ll have all the updates for Azure Infrastructure and Microsoft Sentinel here at the end of the week, once the Ignite Book of News is published! Now with our regularly scheduled Azure News updates: A summary update on Azure News that includes updates released from Microsoft Azure related to Azure, Architecture, Compute, and Sentinel topics. I’ll provide links to all the resource updates with each item. Hopefully this will save you some time digging around to find recent releases and changes. Published October 07, 2022.

Posted on October 8, 2022 9:30 am

Automation

AzureTracks - Microsoft Sentinel - Log Analytics workspace Data Cap - A man working on data graphs at a desk

Set Log Analytics Workspace Data Cap

Let’s take a look at setting data ingestion caps in an Azure Log Analytics workspace today. There are different reasons why we may want to limit the data coming into our storage account, today we look at both setting the data cap, and alerting us when that data cap is reached through Azure Monitor alerting.

Posted on October 7, 2022 9:35 am

Month: October 2022

M365 Operating Guide for Sec Ops Teams – Use with Microsoft Sentinel

Azure Updates – Number 49 – October 22, 2022

Sentinel & Log Analytics – How to Create Incidents to Test with – Part 2 – The Automation Rule

Sentinel & Log Analytics – How to Create Incidents to Test with – Part 1

Azure Updates – Number 48 – October 8, 2022

Set Log Analytics Workspace Data Cap