AzureTracks

Microsoft Sentinel Automated Triage - Elevate your Security Posture

Automated Triage in Microsoft Sentinel

In today’s post we will look at some different ways to automate incident triage in Microsoft Sentinel. Organizations face an ever-increasing volume of security threats. Cyberattacks are becoming more sophisticated, and the sheer number of alerts can overwhelm even the most seasoned security teams. Automated triage in Microsoft Sentinel emerges as a crucial solution, empowering organizations to respond swiftly and efficiently to potential threats. This is where Microsoft Sentinel’s automated triage capabilities are…

Posted on February 6, 2025 8:00 am

Azure

Microsoft Defender for Cloud - A defender pictured as a knight with a shield defending against technology threats and badguys!

Onboard a Single Subscription with Microsoft Defender for Cloud

In today’s post we will look at a targeted way to harness the full potential of your Azure security by integrating Microsoft Defender for Cloud with Microsoft Sentinel. This powerful combination allows for advanced threat detection, seamless monitoring, and a unified view of your security posture. We want to select our Sentinel data connectors while being thoughtful. The Microsoft Defender XDR data connector is the modern connector version that we should all use in most cases; but the legacy connector is useful when we have only specific subscriptions that we want to bring into Sentinel. The older, legacy connector, requires the manual selection of the subscriptions to include in the data ingestion; it is the perfect solution if you have a tenant that you only want 2 of the many subscriptions provisioned.

Posted on January 23, 2025 7:15 am

Azure

Mastering Data Ingestion in Microsoft Sentinel

In this post, we examine how to review and master your data connectors to optimize ingestion. Organizations worldwide are investing […]

Posted on November 14, 2024 7:02 am

Azure

Building a Microsoft Sentinel Data Use Case

Join me this week to gain an in-depth understanding on how to clearly define what data to retain. Data retention is not just a regulatory box to tick; it’s the backbone of a robust security posture. In the realm of Microsoft Sentinel, understanding how to manage your data retention is key to leveraging the full potential of your SIEM system. From cost management to compliance, the way you handle data can make or break your security operations.

Posted on November 6, 2024 8:40 am

Azure

Azure Lighthouse & Sentinel at Scale – Part 3

In this post we continue our exploration of enabling multitenant management with scalability, higher automation, and enhanced governance across resources. Let’s jump right in this week and learn about the best practices and security baseline of using Azure Lighthouse. This is the last in a mini-series of three posts about Azure Lighthouse and Sentinel at scale; we have looked in detail at delegated permissions, what Azure Lighthouse is all about, and now we look at the best practices and how to deploy!

Posted on April 11, 2024 6:55 am

Azure

Azure Lighthouse & Sentinel at Scale – Part 2

In this post we continue our exploration of enabling multitenant management with scalability, higher automation, and enhanced governance across resources. Let’s jump right in this week and learn about delegation using Azure Lighthouse in enterprise scenarios and how an MSP might use delegation to optimize SOC operations. Join me for a good look at delegation & Lighthouse!

Posted on March 28, 2024 7:19 am

Azure

Azure Lighthouse & Sentinel at Scale

In this post we begin to explore enabling multitenant management with scalability, higher automation, and enhanced governance across resources. I think an Azure Lighthouse walk-through is long overdue here, so let’s get ready to talk about how to scale operations or a SOC to manage multiple tenants, enhance governance, all delivered using native Azure tooling! Let’s learn what makes Lighthouse so great for a SOC when working in multiple tenants!

Posted on March 14, 2024 7:12 am

Azure

Log Analytics Workspace Table Data Retention Settings

Cost Management & Microsoft Sentinel Part 2

Today we explore additional cost management options to use as part of your ongoing governance in Microsoft Sentinel. Let’s dive into the world of Log Analytics Workspace configurations together!

Posted on May 11, 2023 7:13 am

Automation

AzureTracks - Microsoft Sentinel - Log Analytics workspace Data Cap - A man working on data graphs at a desk

Set Log Analytics Workspace Data Cap

Let’s take a look at setting data ingestion caps in an Azure Log Analytics workspace today. There are different reasons why we may want to limit the data coming into our storage account, today we look at both setting the data cap, and alerting us when that data cap is reached through Azure Monitor alerting.

Posted on October 7, 2022 9:35 am

Azure

Azure Updates – Number 22 – October 23, 2021

A summary update on Azure news that includes updates released from Microsoft Azure related to Azure, Architecture, Compute, and Sentinel topics. Save time digging around to find recent releases and changes. Released October 23, 2021.

Posted on October 23, 2021 9:20 am

Category: Optimization