Join me for the final article in the mini-series on Enhancing Microsoft Sentinel. Today, we review ongoing optimizations and how to stay ahead of emerging threats.
Join me for Part 2 of 3 where we review advanced customizations in Microsoft Sentinel. We review some of the steps to advance your threat hunting and better protect your environment.
Join me for Part 1 of 3 where we review Building a Stronger Foundation in Microsoft Sentinel. We review the steps to help review and build a stronger SIEM solution together.
Let’s talk about Microsoft Sentinel and managing costs. With cost being a foundational pillar of Microsoft’s Well-Architected Framework, part of good governance, and a major driver for product selection of SIEMs, let’s see if we can take some of the mystery out of how to get started with managing costs in our favourite SIEM solution!
A common challenge that security teams face is simply not knowing where all the artifacts can be found during an investigation. Microsoft Defender tools are capable of collecting a lot of data, and that can raise questions during investigations: where is all this data, and how do I find it quickly? Join me for a tour of the basics of Defender data retention periods and where to find that data.
Log Analytics workspaces provide a special way to store log data from multiple sources such as Microsoft Defender for Cloud, Azure Monitor, and so much more. A workspace typically combines data from multiple services and likely has its own distinct configuration for retention. I get a lot of questions about what the differences between workspaces within the Log Analytics scope are and why we would use them. Let’s take a look today at some of the information around Microsoft Azure Log Analytics Workspaces.