Build 2022 has a LOT of awesome security-focused content along with the great content to be consumed for any number of focus areas. For my area of focus -- security -- here are the things I'm most interested in and the sessions that I'll be focusing on to glean knowledge for the things I'm tasked with … Continue reading The Security Content Guide to Microsoft Build 2022
Deploying Microsoft Sentinel Analytics Rules that are Already Enabled
The Repositories feature in Microsoft Sentinel is a popular way to deploy uniform content using a CI/CD pipeline to a single Sentinel workspace or to multiple workspaces. The default for Analytics Rules is to deploy into the workspace as disabled. But many organizations prefer to deliver the updated or new content ready to go and already enabled. … Continue reading Deploying Microsoft Sentinel Analytics Rules that are Already Enabled
Must Learn KQL Now Available from Amazon
The Must Learn KQL series has been a success with over 700 completion certificates delivered so far and many thousands more who have gone through the course or are still progressing through it. I fully expect to see over 1,000 certificates delivered soon. And this has all been through just word of mouth and focused directly on … Continue reading Must Learn KQL Now Available from Amazon
SC-100: Microsoft Cybersecurity Architect Gets a Learning Path
For those of us that took the SC-100 beta exam, there's a strong indicator today that the exam results could show up soon. That indicator is a new SC-100 Learn path. The Learn path is a set of modules that are repurposed from other exams, but it's a Learn path, nonetheless. The following is the … Continue reading SC-100: Microsoft Cybersecurity Architect Gets a Learning Path
Estimating the Size of the M365 Advanced Tables for Microsoft Sentinel Enablement
The Microsoft 365 Defender Connector in Microsoft Sentinel is coming along nicely with all the table sources now available to select. The Connector is still in public preview, but the progress is a very welcome sight. All the logs. Even though ingesting the M365 Advanced logs is considered necessary, enabling them will cost something. There … Continue reading Estimating the Size of the M365 Advanced Tables for Microsoft Sentinel Enablement
MIM Portal & Application Context Authentication
The intention of this write-up is that you are modifying MIM Portal to switch email notifications to use the Application Context Authentication method as opposed to an SMTP relay or other method that uses a logon name and password. Basic Authentication will be deprecated somewhere around October 2022. A Modern Authentication needs to be … Continue reading MIM Portal & Application Context Authentication
Better Accessibility for the Vision Impaired in Microsoft Sentinel
Last year in July, my colleague Innocent Wafula talked about Accessibility and usability for all in Azure Sentinel. Things like responsive design, content reflow, and linear order go a long way to provide better accessibility value for Microsoft Sentinel but also the Azure portal, in general. But there's more that can be done. And, while it … Continue reading Better Accessibility for the Vision Impaired in Microsoft Sentinel
Microsoft Sentinel Watchlist for Verifying First-party Microsoft Applications in Sign-in reports
In the Sign-in logs you will regularly see Application IDs as user accounts. Most generally, these will be our own application IDs for commonly used services and products. These are generally considered non-nefarious, but they can show up in Incidents and take time to investigate. So, here's a Watchlist you can employ in your Microsoft … Continue reading Microsoft Sentinel Watchlist for Verifying First-party Microsoft Applications in Sign-in reports
Using Logic App Parameters with Microsoft Sentinel Playbooks
I recently made a recommendation about the importance of Making Use of Variables in Microsoft Sentinel Playbooks. In this post I want to take this just a bit further and make an addendum recommendation. Have you ever wondered how to generate those fill-in blanks that are produced during deployment of an ARM template (as shown … Continue reading Using Logic App Parameters with Microsoft Sentinel Playbooks
Receive an Email Notification Each Morning with the List of Daily Microsoft Sentinel Incidents Created
Would you like to have an email notification show up daily in your inbox (or your security team's shared inbox) with a list of the Incidents created while you were sleeping? Here's a Logic App that is ready to fully deploy to your environment that delivers at 7am each morning and includes the list of … Continue reading Receive an Email Notification Each Morning with the List of Daily Microsoft Sentinel Incidents Created