AzureTracks

Microsoft Sentinel - Fetch Threat Intelligence & Have updated incident information before a human opens the investigations.

Using Threat Intelligence in Microsoft Sentinel to Enhance Incidents

In this article, we explore real world automation and improvements to Sentinel Incidents. Leveraging Microsoft Sentinel Playbooks you can streamline your SOC security operations and respond to incidents faster and with the information your Analysts need to make decisions. A key component of this process is the integration of Threat Intelligence (TI) to enrich incident data with critical context – before anyone opens that incident to investigate.

Posted on October 17, 2024 7:07 am

Automation

Responding to Incidents with Microsoft Sentinel – Part 5 – Take Action with Automation

In today’s article we will build on previous automation experiences to further develop your Microsoft Sentinel automation powers! Today we will look at remediating incidents and alerts automatically. We will explore auto-remediation using both playbooks and Sentinel Automation rules.

Posted on August 3, 2023 7:16 am

Automation

Responding to Incidents with Microsoft Sentinel – Part 4 – Automate Research

Today we take a detailed look at building our own Sentinel Playbooks and gathering information on an Incident automatically. Join me as we build automation to update Alerts with detailed IP lookup information as comments. With basic research done automatically, we can save a lot of time!

Posted on July 20, 2023 7:07 am

Automation

Responding to Incidents with Microsoft Sentinel – Part 3 – Gather Research Automatically

In this article we will explore automation enhancements to your Microsoft Sentinel environment. Today we will take a look at using Sentinel Playbooks and gathering information on an Incident automatically. In this article, we will explore an example of using Playbook Automation in Microsoft Sentinel to perform information lookup during an incident investigation.

Posted on July 7, 2023 7:00 am

Automation

Responding to Incidents with Microsoft Sentinel – Part 2 – Optimize What You See

Today, we will explore some enhancements to your Microsoft Sentinel environment. I look at optimizing the ticket queue and working to prevent ticket overload. Join me to explore Automation Rules.

Posted on June 22, 2023 7:04 am

Automation

KQL to show records and data size to estimate costs of Sentinel data storage

Responding to Incidents in Microsoft Sentinel

Join me to explore next steps once you have investigated an incident. Taking action to respond to the threat in Microsoft Sentinel provides excellent automated response capabilities that can be used to respond to threats in real-time. Let’s explore!

Posted on June 8, 2023 7:03 am

Automation

Building Automation Rules with your Sentinel Instance in PowerShell

Today, we explore creating custom Automation Rules in Microsoft Sentinel to help us auto-close low value incidents. Let’s look at how we can automatically close & impact incidents and make it all work using PowerShell!

Posted on April 13, 2023 7:08 am

Automation

Sentinel & Log Analytics – How to Create Incidents to Test with – Part 2 – The Automation Rule

Today, I’d like to talk about using Microsoft Sentinel and address a common question that many teams have when they are starting to work with the Sentinel SIEM/SOAR solution….Part 2 of How do I create incidents to test with? Today we look at the automation rule and how we can use it trigger our Playbook or other automation that needs to be tested.

Posted on October 18, 2022 7:35 am

Automation

Sentinel & Log Analytics – How to Create Incidents to Test with – Part 1

Posted on October 11, 2022 7:35 am

Automation

AzureTracks - Microsoft Sentinel - Log Analytics workspace Data Cap - A man working on data graphs at a desk

Set Log Analytics Workspace Data Cap

Let’s take a look at setting data ingestion caps in an Azure Log Analytics workspace today. There are different reasons why we may want to limit the data coming into our storage account, today we look at both setting the data cap, and alerting us when that data cap is reached through Azure Monitor alerting.

Posted on October 7, 2022 9:35 am

Category: Automation