RSA 2022 Interview on Sentinel Automation and Repositories and KQL

RSA 2022 was a wonderful event for me and for Microsoft, in general. We have a really awesome security story to tell, and the RSA crowd was a very welcoming group. I look forward to next year. During the event, I was fortunate enough to be selected by our good friends at Tiberium to talk …

Certification Dashboard and SC-100 News

June 30 UPDATE: SC-100 is now out of beta and generally available. See: https://rodtrent.com/hrj There's some movement happening for those that are still anxiously waiting for their SC-100 exam results. For those that have been watching for the results to come through after taking the beta exam for SC-100 Microsoft Cybersecurity Architect, you probably read …

Spice Up Your Microsoft Sentinel KQL Query Results with Emoji

Here's a little-known tip that can help brighten an otherwise mundane query existence. Instead of producing the normal query results of boring and blah rows and columns of data to sift through, have a little fun with it. Did you know that KQL supports emoji? Emoji in KQL? Say it isn't so!! It has to …
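As an added illustration (this is not code from the post itself), the following KQL shows one practical way to put emoji to work: a triage view of the last week's Microsoft Sentinel incidents where severity and status are rendered as glyphs the eye picks up faster than text. It uses only the standard SecurityIncident schema; the `Owner.assignedTo` projection assumes the incident has an assigned owner and is otherwise empty.

```kql
// Added example: emoji markers in Microsoft Sentinel query results.
// Emoji are ordinary Unicode characters inside KQL string literals, so they
// work anywhere a string does: case(), iff(), strcat(), summarize keys, etc.
SecurityIncident
| where TimeGenerated > ago(7d)
// SecurityIncident logs every state change; keep only the latest row per incident
| summarize arg_max(TimeGenerated, *) by IncidentNumber
| extend SevMark = case(
    Severity == "High",          "🔴",
    Severity == "Medium",        "🟠",
    Severity == "Low",           "🟡",
    "⚪")                                   // Informational or anything unexpected
| extend StatusMark = iff(Status == "Closed", "✅", "⏳")
// Numeric rank so High sorts first regardless of the severity label's spelling
| extend SevRank = case(Severity == "High", 0, Severity == "Medium", 1, Severity == "Low", 2, 3)
| project IncidentNumber,
          Marker = strcat(SevMark, " ", StatusMark),
          Severity, Status, Title,
          Owner = tostring(Owner.assignedTo),   // assumption: dynamic Owner column carries assignedTo
          LastUpdate = TimeGenerated
| order by SevRank asc, LastUpdate desc
```

The same `case()` pattern can drive a workbook tile or an automation rule's incident comment; the glyphs survive in the incident comment body because it is plain Unicode text.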

How to Use Threatview.io Threat Intelligence Feeds with Microsoft Sentinel

Threatview.io provides some excellent threat intelligence feeds that can be used with Microsoft Sentinel as external sources. The Threatview.io feeds are updated regularly - generated daily at 11PM UTC - so you can be sure that the most current indicators will be available. The feeds are available from here: https://cda.ms/2mc The feeds are provided as …
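As an added example that is not part of the post, here is the shape of a Sentinel query that pulls a plain-text indicator feed with `externaldata()` and matches it against firewall logs in CommonSecurityLog. The feed URL and its one-indicator-per-line layout with `#` comment lines are assumptions made for illustration; substitute the actual Threatview.io feed you download from the link above and adjust the parsing to its real format.

```kql
// Added example: matching an external IP indicator feed against CommonSecurityLog.
// Assumptions (not from the post): the feed URL below and a text layout of one
// IPv4 address per line, with "#" comment/header lines that must be dropped.
let ThreatviewIPs = externaldata(IndicatorRaw: string)
    [h"https://threatview.io/Downloads/IP-High-Confidence-Feed.txt"]   // h prefix keeps the URL out of query logs
    with (format="txt");
let BadIPs = ThreatviewIPs
    | extend Indicator = trim(@"\s", IndicatorRaw)
    | where isnotempty(Indicator) and not(Indicator startswith "#")   // skip blank and comment lines
    | where isnotnull(parse_ipv4(Indicator))                          // keep only well-formed IPv4 addresses
    | distinct Indicator;
CommonSecurityLog
| where TimeGenerated > ago(1d)
| where isnotempty(DestinationIP)
| join kind=inner BadIPs on $left.DestinationIP == $right.Indicator
| summarize Hits = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            Sources = make_set(SourceIP, 10)      // cap the set so a noisy host cannot bloat the row
       by DestinationIP, DeviceVendor, DeviceProduct
| order by Hits desc
```

Two operational caveats: `externaldata()` re-fetches the feed on every run, so for a scheduled analytics rule it is cheaper to ingest the feed into the ThreatIntelligenceIndicator table once and join against that; and because the feed regenerates daily at 11PM UTC, a rule scheduled shortly after that time sees the freshest indicators.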

How to Get a List of Your Active Analytics Rules for Microsoft Sentinel

Though I've used the Workspace Usage Report Workbook a hundred times or more, I've never quite identified this little treasure myself. There are a number of times that customers ask for a way to quickly get a list of their enabled Analytics Rules. There are ways of doing this using the API and PowerShell, but the …

How to Import One or Multiple Analytics Rules into Microsoft Sentinel

There are a few PowerShell options out there (including the official module) to help automate content and collateral deployment to your Microsoft Sentinel workspace. But the one from Jan Geisbauer is highly recommended. Jan's original blog post announcement about this new module is here: Alertrule from github to Azure sentinel | (emptydc.com) The PowerShell module …