========================= [Want to discuss this further? Hit me up on Twitter or LinkedIn] [Subscribe to the RSS feed for this blog] [Subscribe to the Weekly Microsoft Sentinel Newsletter] [Subscribe to the Weekly Microsoft Defender Newsletter] [Learn KQL with the Must Learn KQL series and book]
Microsoft Sentinel this Week – Issue #73
Microsoft Defender Weekly Wrap – Issue #36
Microsoft Sentinel this Week – Issue #72
Adding TI in Bulk to Microsoft Sentinel in Public Preview
Today the ability to upload new Threat Intelligence (indicators) is available in Public Preview. A new Import tab in the Threat Intelligence blade of the Microsoft Sentinel console allows you to import from a flat file (CSV or JSON) and also manage existing imports. The Docs are already available: Add indicators in bulk …
Recipes for Automation: Reading About Updated Microsoft Sentinel Content in a Microsoft Teams SOC Channel
This post is part of an ongoing series to provide ideas for enhancing security operations through automation. Microsoft Sentinel has built-in SOAR capability, so the prescriptive guidance provided here can be implemented immediately and without much effort. Microsoft Sentinel is updated constantly, and many customers would like better ways to know when things are …
Reusing Microsoft Sentinel Watchlists Across Tenants
Here's a common question (just received it again today, in fact). Q: Is it possible to do cross-tenant retrieval of watchlists? A: Retrieving Watchlist content through the API isn't available yet, and Repositories doesn't support Watchlists. So, here are suggestions for a couple of things you could do: [1] Query the Watchlist and export the results to a …
Must Learn KQL Updates – July 22, 2022
Thanks to the power of using DevOps for publishing, the Must Learn KQL series and its artifacts can stay fresh and constantly up to date. I mentioned on Twitter and other social media places over the last week that the entire series has been updated. So, I wanted to set that message in stone by …
Microsoft Defender Weekly Wrap – Issue #35
Microsoft Sentinel this Week – Issue #71