Belgian Malinois IT Security Dog

Microsoft Sentinel Governance Deep-Dive Part 2

This week continues our look at an ongoing set of Governance tasks that we can do to keep our Sentinel instances working smoothly and helping our SOC team stay focused on handling Incidents and threat hunting. Today we continue our detailed look at not only what to review, but walking through the steps together. In today’s article we will review even more deep-dive details on how to optimize and maintain your Sentinel instances in a meaningful and optimized fashion. This week, we talk data management, automations, and RBAC.

Posted on 7:10 am
KQL to show records and data size to estimate costs of Sentinel data storage

Cost Management & Microsoft Sentinel

Let’s talk about Microsoft Sentinel and managing costs. With cost being a foundational pillar of Microsoft’s Well-Architected Framework, part of good governance, and a major driver for SIEM product selection, let’s see if we can take some of the mystery out of how to get started with managing costs in our favourite SIEM solution!

Posted on 7:35 am

Sentinel & Log Analytics – How to Create Incidents to Test with – Part 2 – The Automation Rule

Today, I’d like to talk about using Microsoft Sentinel and address a common question that many teams have when they are starting to work with the Sentinel SIEM/SOAR solution: Part 2 of “How do I create incidents to test with?” Today we look at the automation rule and how we can use it to trigger our Playbook or other automation that needs to be tested.

Posted on 7:35 am