The Data Connector that utilizes the modern agent (AMA) for collecting Windows Events has now been released into GA. Legacy and Current Azure Sentinel customers will notice a couple things for this connector. First off, the preview tag is missing. But, secondly, the original Security Events connector is now labeled as the Legacy Agent. Docs: … Continue reading The Preview Tag Drops from the Windows Security Events Data Connector for Azure Sentinel →

This is it! Your guide to all things Azure Sentinel at Microsoft Ignite, November 2-4, 2021. And, while there's not exactly stacks of Azure Sentinel-specific content, there's what I like to call Azure Sentinel "themed" content that should prove valuable to all of you. Listed below are some opportunities to hear and learn about Azure … Continue reading The Azure Sentinel Guide to Microsoft Ignite 2021 →

Just a heads-up that the consolidated Microsoft Defender Data Connector for Azure Sentinel has received an upgrade today. For many months, the only available connection for this all-in-one was for Defender for Endpoint. Today, Azure Sentinel customers can enjoy connecting Defender for Office 365 (MDO). Microsoft Defender for Office 365! This new connection enables data … Continue reading Microsoft Defender for Office 365 for Azure Sentinel Now Available →

I am a pioneer of sorts. It was completely unintended. A few months back, I submitted a session to an in-person conference (MMS Miami Beach Edition), assuming that by the time the conference kicked-off there'd be a lot of great information to pull from to connect a Cloud PC to Azure Sentinel. The conference is … Continue reading How to Monitor for Brute Force Attack Against a Cloud PC in Azure Sentinel →

A new Azure Sentinel capability is available that allows you to assign Incidents to groups you have created in Azure Active Directory. Assign Groups to Incidents You can see in my image above that I can assign any Incident to a SOC Investigative Analysts or SOC Hunting Analysts group. Just so you don't go looking … Continue reading How to Assign Azure Sentinel Incidents to AAD Groups →

We have always provided a lot of awesome out-of-the-box collateral for customers to start using Azure Sentinel right after installation. Out-of-the-box there have been Analytics Rules, Data Connectors, Hunting Queries, Workbooks, etc, but there have never been any Playbook templates provided. Today, if you venture inside the Automation section in the Azure Sentinel console, you'll … Continue reading Azure Sentinel Gets Built-in Playbooks Templates and Expanded Menu Options →

A new feature has been added for Analytics Rules in Azure Sentinel that allows you to verify the changes prior to accepting to update the rule from the updated template. Our Analytics Rules are updated from time-to-time for various reasons. Mostly, they are updated to improve detection. But, there may be times a rule that … Continue reading New Template Update Verification Feature for Azure Sentinel Analytics Rules →

For those Azure Sentinel customers digging into the console this morning, you'll notice a slight change in the layout. Solutions and Community have been pulled from the original spot under the Configuration area and placed in a new Content Management section. Solutions seems a tad bit out of place and it really seems like News … Continue reading Subtle Azure Sentinel Console Change in New Content Management Area →