Querying Logic App Performance with KQL: A Practical Guide

This post explores how to query Logic App performance using Kusto Query Language (KQL), with a focus on measuring workflow run durations. It breaks down telemetry sources based on Logic App type—Consumption vs. Standard—and guides readers through using AzureDiagnostics, Traces, and LogicAppWorkflowRuntime tables. The article includes practical KQL examples for schema discovery, execution tracking, and duration analysis, along with tips for instrumentation and production monitoring. Whether you’re optimizing ingestion pipelines or validating SLAs, this guide equips you with actionable insights to make your Logic Apps smarter and more efficient.

Posted on 6:52 am

Microsoft Defender for Cloud Use Case: Governance Rules in Action

Security at scale isn’t just about visibility—it’s about enforcement. As organizations grow their cloud footprint across multiple subscriptions, management groups, and even cloud providers, maintaining consistent security posture becomes exponentially harder.

Enter Governance Rules in Microsoft Defender for Cloud (MDC). These rules allow security teams to define, enforce, and monitor security policies across their environment using automation and policy-as-code principles.

Posted on 6:55 am

Automated Triage in Microsoft Sentinel

In today’s post we will look at several ways to automate incident triage in Microsoft Sentinel. Organizations face an ever-increasing volume of security threats. Cyberattacks are becoming more sophisticated, and the sheer number of alerts can overwhelm even the most seasoned security teams. Automated triage in Microsoft Sentinel is a crucial solution, enabling organizations to respond swiftly and efficiently to potential threats. This is where Microsoft Sentinel’s automated triage capabilities are…

Posted on 8:00 am

Using Threat Intelligence in Microsoft Sentinel to Enhance Incidents

In this article, we explore real-world automation and improvements to Sentinel Incidents. Leveraging Microsoft Sentinel Playbooks, you can streamline your SOC operations and respond to incidents faster, with the information your analysts need to make decisions. A key component of this process is the integration of Threat Intelligence (TI) to enrich incident data with critical context – before anyone opens that incident to investigate.

Posted on 7:07 am

Responding to Incidents with Microsoft Sentinel – Part 3 – Gather Research Automatically

In this article we will explore automation enhancements to your Microsoft Sentinel environment. Today we will take a look at using Sentinel Playbooks to gather information on an Incident automatically, walking through an example of Playbook Automation in Microsoft Sentinel that performs information lookup during an incident investigation.

Posted on 7:00 am

Responding to Incidents in Microsoft Sentinel

Join me to explore the next steps once you have investigated an incident. Microsoft Sentinel provides excellent automated response capabilities that can be used to take action against threats in real time. Let’s explore!

Posted on 7:03 am