Join me as we walk through creating a custom Microsoft Sentinel Analytics Rule using KQL to identify suspicious login patterns based on failed attempts. We will explore the different components of creating these custom rules, what tuning looks like, and creating incidents from the rules.
Let’s talk about Microsoft Sentinel and managing costs. With cost being a foundational pillar of Microsoft’s Well-Architected Framework, part of good governance, and a major driver for product selection of SIEMs, let’s see if we can take some of the mystery out of how to get started with managing costs in our favourite SIEM solution!
Today, we explore creating custom Automation Rules in Microsoft Sentinel to help us auto-close low value incidents. Let’s look at how we can automatically close & impact incidents and make it all work using PowerShell!
This is the story about the case of the duplicate incidents in Microsoft Sentinel. Join me as we explore different ways to create incidents, and understand how incidents are created so that we can identify potential duplication.
Today, I’d like to talk about using Microsoft Sentinel and address a common question that many teams have when they are starting to work with the Sentinel SIEM/SOAR solution: Part 2 of How do I create incidents to test with? Today we look at the automation rule and how we can use it to trigger our Playbook or other automation that needs to be tested.
Today, I’d like to talk about using Microsoft Sentinel and address a common question that many teams have when they are starting to work with the Sentinel SIEM/SOAR solution: Part 1 of How do I create incidents to test with?