I am excited to announce an updated AlienVault OTX playbook for Azure Sentinel, inspired by Matt Eagan’s Sentinel Ingestion article. This is a Logic App (playbook) to import threat indicators from AlienVault into Azure Sentinel using the Graph Security API. Sentinel GitHub Link Here My goal was to expand on Matt’s example to create an … Continue reading How to connect AlienVault OTX to Azure Sentinel
Author: Andrew Blumhardt
Azure Sentinel RBAC Review
I was recently asked by a customer to help prepare a matrix covering role-based access for Sentinel users and administrators. In this article I describe a custom Sentinel Advanced Responder role and several interesting points around Sentinel access management. Sentinel Access Matrix Example I recommend setting up user groups to define access for each category … Continue reading Azure Sentinel RBAC Review
Sentinel Email Notification Logic App
Azure Sentinel feature development is progressing at a rapid pace. Currently there is no option to set up an email subscription for all Sentinel incidents, though I expect more tooling around email notifications in the near future. In the meantime, the following Logic App is a simple way to set up a global email subscription for Sentinel … Continue reading Sentinel Email Notification Logic App
Visualize Microsoft Forms results in Log Analytics
I was recently assisting a group of students with a project for the Sentinel Hackathon. We came up with the idea to create alerts and dashboards based on Suspicious Activity Reports. The following example will demonstrate how Microsoft Forms responses can be sent to Log Analytics using a Logic App for further analysis. The solution … Continue reading Visualize Microsoft Forms results in Log Analytics