Building the Azure Sentinel Toolbox: MyEventLog

I recently posted about the Threat Analytics Search Browser Plug-in as a tool I use to provide critical functionality to my Azure Sentinel threat hunting. The browser plug-in allows me to quickly identify valid IPs, domain names, etc. within the query tool and in Hunting queries in Azure Sentinel.

However, there are other tools I use to aid in my Azure Sentinel endeavors. One of those is MyEventLog, a resource I recommend for locating the specific Event IDs that show up in the results of KQL queries run in the Azure Sentinel console. Yeah…it’s easy to use any browser search or your favorite search engine to eventually locate all the necessary information, but I’ve found that MyEventLog’s breadth of capability gets me to the vital information more quickly. And, because we’re talking about exposing and identifying threats in the organization, time is of the essence.

What makes MyEventLog so valuable is that it provides full search capability: you can search by ID number, by Source, by Category, and even by the returned Message text.

[Screenshot: MyEventLog – searching for New Process]
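Before you can look an Event ID up, you need to know which IDs your query results actually contain. The KQL below is an added example written for this post (it is not a query from MyEventLog or from the original article) and assumes the standard Azure Sentinel SecurityEvent table fed by the Windows Security log. It summarizes every Event ID seen in the last 24 hours with its source and channel, so each unfamiliar number can be searched on MyEventLog by ID, Source, or Message; the "New Process" event from the screenshot is Windows Security Event ID 4688.

```kql
// Added example, not from the original post.
// Assumes the default SecurityEvent table in the Sentinel workspace.
SecurityEvent
| where TimeGenerated > ago(24h)
| summarize Count = count(),
            SampleActivity = take_any(Activity),   // e.g. "4688 - A new process has been created."
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by EventID, EventSourceName, Channel
| order by Count desc
```

Run it from the Logs blade or as the first step of a hunting query; the EventID, EventSourceName, and SampleActivity columns map directly onto MyEventLog’s ID, Source, and Message search fields, and sorting by Count puts the noisiest IDs (the ones most worth understanding before tuning a rule) at the top.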

Have an Azure Sentinel toolbox recommendation of your own? Let me know.

[Want to discuss this further? Hit me up on Twitter or LinkedIn]