
Microsoft Sentinel Governance Deep-Dive Part 2

This week continues our look at an ongoing set of Governance tasks that we can do to keep our Sentinel instances working smoothly and helping our SOC team stay focused on handling Incidents and threat hunting. Today we continue our detailed look at not only what to review, but walking through the steps together. In today’s article we will review even more deep-dive details on how to optimize and maintain your Sentinel instances in a meaningful and optimized fashion. This week, we talk data management, automations, and RBAC.

Posted on 7:10 am

Microsoft Sentinel Governance Deep-Dive

This week we continue our mini-series looking at Sentinel Governance tasks that we can do to keep our favourite SIEM/SOAR solution working smoothly, detecting attacks and providing visibility into threats to our environments. Sentinel is like having a superhero team that protects your enterprise from cyber threats! 🦸‍♂️🦸‍♀️

Posted on 6:55 am

Microsoft Sentinel Governance Overview

This week I take a brief look at some ongoing Governance tasks that we can do to keep our Sentinel instances working smoothly and helping our SOC team have a better day. Making a living finding needles in a haystack can be hard, so let’s look at some best practices for governance to help our SOC team focus on finding those little clues!

Posted on 7:33 am

Deploying Microsoft Sentinel with PowerShell – Part 2

Join me for Part 2 of deploying Microsoft Sentinel so that we can test different scenarios with data connectors, analytics rules, hunting queries, and automations. Together, we are building a way to quickly deploy Sentinel to allow testing and validations outside production.

Posted on 6:30 am

Deploying Microsoft Sentinel with PowerShell

Join me in the latest walkthrough to quickly deploy Microsoft Sentinel so that we can test different scenarios with data connectors, analytics rules, hunting queries, and automations. This is an important idea – testing in non-production – that is often overlooked due to the complexity of deployment. Come explore a great way to quickly deploy Sentinel to allow testing and validations outside production.

Posted on 10:14 am

Sentinel & Log Analytics – How to Create Incidents to Test with – Part 2 – The Automation Rule

Today, I’d like to talk about using Microsoft Sentinel and address a common question that many teams have when they are starting to work with the Sentinel SIEM/SOAR solution: Part 2 of “How do I create incidents to test with?” Today we look at the automation rule and how we can use it to trigger our Playbook or other automation that needs to be tested.

Posted on 7:35 am