
Monitor Sentinel Data Connector Health – Alerting

Join me in exploring Sentinel health data and using KQL to create an alert rule that tells our SOC team about data connector issues in Sentinel. This post walks through the KQL queries, exploring your data, and creating an alerting rule. Monitoring is an important part of good governance in Sentinel!

Posted on 6:52 am

Monitor Sentinel Data Connector Health

There is more than one way to monitor most Azure infrastructure, and data connectors are no exception. Today we look at creating a way to keep an eye on your data connector operations in Sentinel, using Sentinel. Join me for a few minutes as we explore one of the important best practices in Microsoft Sentinel – health monitoring.

Posted on 7:05 am

Azure Lighthouse & Sentinel at Scale – Part 3

In this post we continue our exploration of enabling multitenant management with scalability, higher automation, and enhanced governance across resources. Let’s jump right in this week and learn about the best practices and security baseline of using Azure Lighthouse. This is the last in a mini-series of three posts about Azure Lighthouse and Sentinel at scale; we have looked in detail at delegated permissions, what Azure Lighthouse is all about, and now we look at the best practices and how to deploy!

Posted on 6:55 am

Azure Lighthouse & Sentinel at Scale – Part 2

In this post we continue our exploration of enabling multitenant management with scalability, higher automation, and enhanced governance across resources. Let’s jump right in this week and learn about delegation using Azure Lighthouse in enterprise scenarios and how an MSP might use delegation to optimize SOC operations. Join me for a good look at delegation & Lighthouse!

Posted on 7:19 am

Azure Lighthouse & Sentinel at Scale

In this post we begin to explore enabling multitenant management with scalability, higher automation, and enhanced governance across resources. I think an Azure Lighthouse walk-through is long overdue here, so let’s get ready to talk about how to scale operations or a SOC to manage multiple tenants and enhance governance, all delivered using native Azure tooling! Let’s learn what makes Lighthouse so great for a SOC when working in multiple tenants!

Posted on 7:12 am

Sentinel Health Data Visualization & Reporting

A common challenge after deploying Microsoft Sentinel has been how to keep track of your Data Connector health status. In the last article, we explored getting a handle on the health of our Microsoft Sentinel data connectors. This week, we look at visualizing and using that data with Sentinel Workbooks.

Posted on 7:10 am

M365 Operating Guide for Sec Ops Teams – Use with Microsoft Sentinel

When building out a SOC team, many organizations quickly realize that there are very few silos left in IT when it comes to cloud. Our SOC members need to have cloud platform skills, M365, Exchange, Active Directory, Azure Active Directory, Windows Server, RHEL, and so many more skills. To say this a different way: our cloud landscape is flat, and we need members that have a wide band of skills with some specialties mixed in. This is complex to say the least, and with labour challenges in our post-COVID world, we need ways to upskill our teams and build out operations manuals and tasks to support those teams.

Posted on 7:30 am

Set Log Analytics Workspace Data Cap

Let’s take a look at setting data ingestion caps in an Azure Log Analytics workspace today. There are different reasons why we may want to limit the data coming into our storage account; today we look at both setting the data cap and alerting us when that data cap is reached through Azure Monitor alerting.

Posted on 9:35 am

Azure Updates – Number 36 – May 7, 2022

A summary update on Azure news that includes updates released from Microsoft Azure related to Azure, Architecture, Compute, and Sentinel topics. Save time digging around to find recent releases and changes. Released May 7, 2022.

Posted on 9:07 am