How to Generate Azure Sentinel Incidents for Testing

Do you want to generate an Incident in Azure Sentinel for testing/demoing? Here's a couple of easy ways to do it. These are a few of the methods I use (and have customers use) after building a customer lab. Additionally, I may update this post from time to time to include more methods and I'm only going to …

Creating Cloud Shell Storage Resources in a Different Azure Region

I had a situation recently where I needed to test whether a specific cmdlet for the Azure Sentinel PowerShell module would run in a specific Azure region. Cloud Shell instances require storage to function. When you initiate a Cloud Shell instance and accept the defaults it generates a random set of storage account …

The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting

The Azure Sentinel product group continues to crank out new Data Connector after new Data Connector. There is a significant goal to provide as many customer-requested Data Connectors as possible and I hope you've seen the mighty effort in place toward this goal. There are new Data Connectors available constantly. The Data Connector is intended …

An Azure Sentinel GitHub Reorg and a Playbook to Auto-close MCAS Alerts

I hear from customers quite a bit that it's hard to identify what's new for Azure Sentinel -- both in new console features and in additional GitHub repository collateral. Personally, I use the RSS feed to monitor what's new. And, you can too. Load the following up in your favorite RSS reader... Azure Sentinel GitHub …

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

I noted recently how powerful and valuable Microsoft Cloud App Security (MCAS) is, but also how noisy it can make the Azure Sentinel console unless the MCAS policies are tuned correctly. See: Tuning the Noise Out of MCAS for Azure Sentinel. That post struck a chord with a number of people. So, I thought I'd …

Tuning the Noise Out of MCAS for Azure Sentinel

It's funny, the first question out of my mouth when a customer asks for help tuning the noise for Azure Sentinel is: "Is your noisiest connection MCAS, by any chance?" 95% of the responses are a resounding: "Yes." Most customers think that it's Azure Sentinel's problem, but it's not. It's actually a tuning issue for …

SOC Prime Extends Its Azure Sentinel Promotion Until the End of 2021

In November of 2020, Ofer posted about a cool offer from SOC Prime that enabled Azure Sentinel customers to take advantage of free content including Rule Packs and Playbooks. SOC Prime has now extended the offer to the end of 2021. This is an awesome opportunity to connect your Azure Sentinel environment to the SOC …

Follow-up: Microsoft Tech Talks Practical Sentinel: A Day in the Life of a Sentinel Analyst

We delivered a Microsoft Tech Talk on Azure Sentinel on Friday, February 12, 2021. Thanks so much to all those who registered and attended. Due to policy, there is no replay for this, but we're talking now about turning this into a continuing series for Azure Sentinel. So stay tuned for that. That said, the …