Spice Up Your Microsoft Sentinel KQL Query Results with Emoji

Here's a little-known tip that can help brighten an otherwise mundane query existence. Instead of producing the normal query results of boring and blah rows and columns of data to sift through, have a little fun with it. Did you know that KQL supports emoji? Emoji in KQL? Say it isn't so! It has to …
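As an added illustration (not a query from the post itself), here is the kind of thing that trick makes possible: emoji are just UTF-8 characters inside an ordinary KQL string literal, so they can be produced by `case()` like any other string. The query assumes the `SigninLogs` table is ingested; the thresholds of 10 and 50 failures are arbitrary and chosen only for the example.

```kql
// Added example: failed sign-ins per user over the last day, with an emoji risk marker.
// Assumes SigninLogs is connected to the workspace; thresholds are illustrative only.
SigninLogs
| where TimeGenerated > ago(1d)
| where ResultType != "0"                     // ResultType "0" is a successful sign-in; anything else failed
| summarize FailedSignIns = count(),
            Countries     = make_set(Location, 10)
          by UserPrincipalName
| extend Risk = case(FailedSignIns >= 50, "🔴 high",
                     FailedSignIns >= 10, "🟠 medium",
                                          "🟢 low")
| project Risk, UserPrincipalName, FailedSignIns, Countries
| sort by FailedSignIns desc                  // sort on the number, not on the emoji column
```

Two practical notes: sort on the numeric column rather than the emoji column, because string sorting is by code point and will not reflect the severity order; and the glyphs render in the Logs results grid and in workbooks, but may not survive an export to CSV viewed in older tools or an email template, so keep the underlying number alongside them.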

How to Use Threatview.io Threat Intelligence Feeds with Microsoft Sentinel

Threatview.io provides some excellent threat intelligence feeds that can be used with Microsoft Sentinel as external sources. The Threatview.io feeds are updated regularly (generated daily at 11PM UTC), so you can be sure that the most current indicators will be available. The feeds are available from here: https://cda.ms/2mc The feeds are provided as …
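One way to use such a feed as an external source directly from KQL, added here as an example rather than taken from the post, is the `externaldata()` operator, which fetches a file over HTTPS at query time. The feed URL below is an assumption based on Threatview.io's published download names (check the feed list linked above for the current one), as is the plain-text, one-indicator-per-line layout; comment lines beginning with `#` are filtered out defensively in case the file carries a header. It also assumes `CommonSecurityLog` (firewall/proxy CEF data) is ingested.

```kql
// Added example: match outbound destination IPs against a Threatview.io IP feed pulled at query time.
// Assumptions: feed URL and format as noted in the lead-in; CommonSecurityLog contains the traffic.
let ThreatviewIPs = externaldata(Indicator: string)
    [h@"https://threatview.io/Downloads/IP-High-Confidence-Feed.txt"]
    with (format = "txt");                       // "txt" yields one string column per line
let BadIPs = ThreatviewIPs
    | extend Indicator = trim(@"\s", Indicator)  // strip stray whitespace / CR
    | where isnotempty(Indicator)
    | where not(Indicator startswith "#")        // drop any header or comment lines
    | where ipv4_is_private(Indicator) == false  // guard against RFC1918 noise in a feed
    | distinct Indicator;
CommonSecurityLog
| where TimeGenerated > ago(1d)
| where isnotempty(DestinationIP)
| join kind=inner (BadIPs) on $left.DestinationIP == $right.Indicator
| summarize Hits      = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated),
            Sources   = make_set(SourceIP, 20)
          by DestinationIP, DeviceVendor, DeviceProduct
| sort by Hits desc
```

Because `externaldata()` re-downloads the file on every run, the endpoint must be reachable from the Log Analytics service and every scheduled execution depends on it; for an analytics rule that runs every few minutes, ingesting the indicators once a day into a watchlist or the `ThreatIntelligenceIndicator` table, and joining against that, is the more robust pattern.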

How to Get a List of Your Active Analytics Rules for Microsoft Sentinel

Though I've used the Workspace Usage Report Workbook a hundred times or more, I had never quite identified this little treasure myself. There are a number of times that customers ask for a way to quickly get a list of their enabled Analytics Rules. There are ways of doing this using the API and PowerShell, but the …
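Besides the API, PowerShell, and the workbook, the workspace itself holds a usable approximation once Sentinel health monitoring is turned on: every scheduled rule execution writes a record to the `SentinelHealth` table, so the set of rules that have run recently is, in practice, the set of enabled scheduled rules. The query below is an added example, not from the post, and assumes the health diagnostic setting is enabled for the workspace and that analytics-rule records carry a `SentinelResourceType` value containing "analytics" (matched case-insensitively so the exact spelling does not matter).

```kql
// Added example: most recent run of each analytics rule seen in SentinelHealth over the last 7 days.
// Assumption: Sentinel health monitoring is enabled; rules that never ran (disabled) will not appear.
SentinelHealth
| where TimeGenerated > ago(7d)
| where SentinelResourceType contains "analytics"       // tolerant of casing/spacing differences
| summarize LastRun   = max(TimeGenerated),
            Runs      = count(),
            Failures  = countif(Status != "Success"),
            LastState = arg_max(TimeGenerated, Status)  // status of the most recent run
          by SentinelResourceName, SentinelResourceId
| project-rename RuleName = SentinelResourceName, RuleId = SentinelResourceId
| project RuleName, LastRun, Runs, Failures, LastState = Status, RuleId
| sort by RuleName asc
```

Two caveats a practitioner will want: a rule disabled yesterday still shows up until its last run ages out of the time window, and a rule that is enabled but failing appears with a non-success status rather than disappearing, which is arguably the more interesting list anyway.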

How to Import One or Multiple Analytics Rules into Microsoft Sentinel

There are a few PowerShell options out there (including the official module) to help automate content and collateral deployment to your Microsoft Sentinel workspace, but the one from Jan Geisbauer is highly recommended. Jan's original blog post announcing the module is here: Alertrule from github to Azure sentinel | (emptydc.com) The PowerShell module …

Building SOC Efficiency Using Microsoft Sentinel – BSides Fort Wayne

I recently had the pleasure of delivering a session on building SOC efficiency using Microsoft Sentinel at the inaugural conference of BSides in Fort Wayne, Indiana. My session is now posted: https://youtu.be/710PScDd91o Despite it being the first year and only a single day on a Saturday, interest and attendance were phenomenal. I look forward to …