Microsoft Sentinel this Week – Issue #67
Spice Up Your Microsoft Sentinel KQL Query Results with Emoji
Here's a little-known tip that can help brighten an otherwise mundane query existence. Instead of producing the normal query results of boring and blah rows and columns of data to sift through, have a little fun with it. Did you know that KQL supports emoji? Emoji in KQL? Say it isn't so!! It has to …
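As an added illustration (not code from the original post), the query below maps failed sign-in counts per user to an emoji status column. It assumes a Sentinel workspace with the SigninLogs table, where ResultType "0" is a successful sign-in; the thresholds are arbitrary and chosen only for the example.

```kusto
// Added example: emoji as a status column in KQL results (assumed SigninLogs schema).
SigninLogs
| where TimeGenerated > ago(24h)
| summarize Total = count(), Failed = countif(ResultType != "0") by UserPrincipalName
| extend FailRatio = round(100.0 * Failed / Total, 1)
// Emoji are ordinary Unicode string literals; case() picks one per row.
// Thresholds below are illustrative, not a recommendation.
| extend Status = case(
    Failed >= 20, "🔴",   // many failures: look at this user first
    Failed >= 5,  "🟠",   // elevated
    Failed >= 1,  "🟡",   // at least one failure
                  "🟢")  // all sign-ins succeeded
| project Status, UserPrincipalName, Total, Failed, FailRatio
| order by Failed desc    // sort on the numeric column, not on Status
```

Keep the numeric columns alongside the emoji: the emoji column is for humans reading the Logs blade or a workbook, while sorting, thresholds in analytics rules and automation should still key off `Failed` and `FailRatio`, since strings of emoji only sort by code point.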
How to Use Threatview.io Threat Intelligence Feeds with Microsoft Sentinel
Threatview.io provides some excellent threat intelligence feeds that can be used with Microsoft Sentinel as external sources. The Threatview.io feeds are updated regularly - generated daily at 11PM UTC - so you can be sure that the most current indicators will be available. The feeds are available from here: https://cda.ms/2mc The feeds are provided as …
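One way to use such a feed as an external source in KQL, added here as an example rather than taken from the original post: the `externaldata` operator reads a file over HTTPS at query time and the result is joined against sign-in events. The feed URL below is a placeholder, and the example assumes a plain-text feed with one IPv4 indicator per line and optional `#` comment lines; check the actual feed format before relying on this.

```kusto
// Added example: join a plain-text IP feed (assumed format, placeholder URL) against SigninLogs.
let ThreatIPs = externaldata(Indicator: string)
    [@"https://example.invalid/threatview-ip-feed.txt"]   // placeholder, not the real feed URL
    with (format="txt", ignoreFirstRecord=false)
    | extend Indicator = trim(@"\s", Indicator)
    | where isnotempty(Indicator) and not(Indicator startswith "#")   // drop blank/comment lines
    | where Indicator matches regex @"^\d{1,3}(\.\d{1,3}){3}$"        // keep only IPv4 entries
    | distinct Indicator;
SigninLogs
| where TimeGenerated > ago(1d)
| where isnotempty(IPAddress)
| join kind=inner ThreatIPs on $left.IPAddress == $right.Indicator
| project TimeGenerated, UserPrincipalName, IPAddress, ResultType, AppDisplayName, Location
| order by TimeGenerated desc
```

Because the file is fetched each time the query runs, a daily-regenerated feed is always read fresh; the trade-off is that the workspace must be able to reach the URL, and a feed that is unavailable makes the whole query fail rather than silently returning no matches.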
How to Get a List of Your Active Analytics Rules for Microsoft Sentinel
Though I've used the Workspace Usage Report Workbook a hundred times or more, I've never quite identified this little treasure myself. There are a number of times that customers ask for a way to quickly get a list of their enabled Analytics Rules. There are ways of doing this using the API and PowerShell, but the …
How to Import One or Multiple Analytics Rules into Microsoft Sentinel
There are a few PowerShell options out there (including the official module) to help automate content and collateral deployment to your Microsoft Sentinel workspace. But the one from Jan Geisbauer is highly recommended. Jan's original blog post announcement about this new module is here: Alertrule from github to Azure sentinel | (emptydc.com) The PowerShell module …
Building SOC Efficiency Using Microsoft Sentinel – BSides Fort Wayne
I recently had the pleasure of delivering a session on building SOC efficiency using Microsoft Sentinel at the inaugural conference of BSides in Fort Wayne, Indiana. My session is now posted... https://youtu.be/710PScDd91o Despite it being the first year and only a single day on a Saturday, interest and attendance were phenomenal. I look forward to …
SC-100 Gets Its Own Learning Path
When the exam for the Microsoft Cybersecurity Architect, SC-100, first went into beta, a few temporary learning modules were erected on the exam guidance page. The temporary modules didn't make a lot of sense and were focused on AZ and SC series exams that really didn't have a lot of bearing. Well, fortunately, SC-100 now …