Achieving SOC Operational Efficiency for Azure Sentinel Hunting – the Replay

I had a fantastic time delivering this session yesterday for the Microsoft Cloud and Client Management Community (@mc2mcbe). This is the final version (until I update it with new information) of this session, which is the first in a series of efficiency sessions I'm developing for Azure Sentinel. So stay tuned for more. I believe at … Continue reading Achieving SOC Operational Efficiency for Azure Sentinel Hunting – the Replay

A few important updates to the Azure Sentinel CEF Connector

The CEF connector in Azure Sentinel has received some necessary updates, and the docs have already been updated to reflect the changes. Docs: Connect your external solution using Common Event Format. For those who have been working with this connector, it's worthwhile to see what's changed. Here's what's new... The command-line to install the CEF … Continue reading A few important updates to the Azure Sentinel CEF Connector

Why Enabling Entities for Azure Sentinel Investigations is so Important

Building out or enabling Analytics Rules in Azure Sentinel allows customers to automate analysis of the data being ingested and stored in the Log Analytics workspace. These rules are important for exposing security events and potential threats to the environment. Analytics Rules produce Incidents (if you've allowed the defaults during the rule … Continue reading Why Enabling Entities for Azure Sentinel Investigations is so Important

Modernize Security for Efficiency and Scale Using Azure Sentinel from Microsoft

Recently, I let you know about an upcoming talk I'm giving about "How to Achieve SOC Operational Efficiency for Azure Sentinel Hunting." Check that out if it interests you. There may still be tickets available. It happens on Thursday, November 19, 2020. But, I now have another talk coming up even sooner. This one is … Continue reading Modernize Security for Efficiency and Scale Using Azure Sentinel from Microsoft

How to Send Azure SQL Server Audit Logs to Azure Sentinel

Although still in preview, you can send your Azure SQL Server audit logs to the same Log Analytics workspace that Azure Sentinel uses. For many other Azure services, you would enable a Diagnostic Setting to send the logs to Azure Sentinel; Azure SQL Server is a bit different, so it's worth highlighting. … Continue reading How to Send Azure SQL Server Audit Logs to Azure Sentinel
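Once auditing is pointed at the workspace, the first thing to check is that events are actually landing and that the interesting ones (failed authentications, failed statements) are queryable. The KQL below is an added example and is not from the original post. It assumes that Azure SQL auditing with a Log Analytics target writes to the AzureDiagnostics table with Category "SQLSecurityAuditEvents", and that the audit fields appear as string columns with an _s suffix (action_name_s, succeeded_s, statement_s, server_principal_name_s, client_ip_s, server_name_s, database_name_s); confirm those column names against your own workspace before building a rule on them.

```kql
// Added example (not from the original post). Assumes Azure SQL auditing
// targets the Sentinel workspace and lands in AzureDiagnostics with
// Category "SQLSecurityAuditEvents". Column names are the audit schema as
// it appears in Log Analytics (string fields carry an _s suffix); they are
// an assumption to verify in your workspace.

// 1) Ingestion check: which servers/databases are sending audit events,
//    and which action types are present in the last 24 hours.
AzureDiagnostics
| where TimeGenerated > ago(1d)
| where Category == "SQLSecurityAuditEvents"
| summarize Events = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            Actions = make_set(action_name_s, 20)
          by server_name_s, database_name_s
| order by Events desc

// 2) Detection-style query: bursts of failed actions per principal and
//    source IP. succeeded_s is the audit "succeeded" flag as a string.
AzureDiagnostics
| where TimeGenerated > ago(1d)
| where Category == "SQLSecurityAuditEvents"
| where succeeded_s =~ "false"
| summarize Failures = count(),
            Actions = make_set(action_name_s, 10),
            SampleStatements = make_set(statement_s, 5),
            SourceIPs = make_set(client_ip_s, 10)
          by server_name_s, database_name_s, server_principal_name_s, bin(TimeGenerated, 1h)
| where Failures >= 10
| order by Failures desc
```

Run the first query immediately after enabling auditing; if it returns nothing after the ingestion delay, the audit target is still wrong, and no analytics rule built on the second query will ever fire. The second query is the kind of thing you would turn into a Scheduled analytics rule, with server_principal_name_s and client_ip_s mapped to the Account and IP entities so the incident is investigable.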

How to Be Notified When an Azure Sentinel Analytics Rule Has been Created or Modified

It may seem a bit obsessive (personally, I don't think it is), but security teams that want to "watch the watchers" want to be notified when certain things in the Azure Sentinel structure are created or modified. I've been asked about this numerous times for the various areas of Azure Sentinel. To start … Continue reading How to Be Notified When an Azure Sentinel Analytics Rule Has been Created or Modified
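Creating, editing or deleting an analytics rule is an ARM operation against the Microsoft.SecurityInsights resource provider, so it shows up in the Azure Activity log. The KQL below is an added example and is not from the original post. It assumes the Azure Activity data connector is enabled (populating the AzureActivity table), that the operations appear in OperationNameValue as MICROSOFT.SECURITYINSIGHTS/ALERTRULES/WRITE and .../DELETE, and that ActivityStatusValue is "Success" on the completing row; verify those values by changing a rule yourself and looking at what lands.

```kql
// Added example (not from the original post). Surfaces analytics-rule
// writes and deletes from the Azure Activity log so they can be alerted on.
// OperationNameValue / ActivityStatusValue values are assumptions: confirm
// them against a rule change you make deliberately.
AzureActivity
| where TimeGenerated > ago(1h)
| where OperationNameValue in~ (
    "MICROSOFT.SECURITYINSIGHTS/ALERTRULES/WRITE",
    "MICROSOFT.SECURITYINSIGHTS/ALERTRULES/DELETE")
// Keep only the completing row so each change is reported once, not
// once for "Start" and again for "Success".
| where ActivityStatusValue =~ "Success"
| extend RuleId = tostring(split(_ResourceId, "/")[-1])
| extend Action = iff(OperationNameValue endswith "/DELETE", "Deleted", "Created or modified")
| project TimeGenerated, Action, RuleId, Caller, CallerIpAddress, ResourceGroup, SubscriptionId
| order by TimeGenerated desc
```

To actually be notified, save this as a Scheduled analytics rule (for example, run every hour over the last hour) so each hit opens an Incident, and attach a playbook if you want an email or chat message as well. Map Caller to the Account entity and CallerIpAddress to the IP entity so an unexpected editor is one click away in the investigation graph. Note that this rule is itself an analytics rule, so its own creation will be the first thing it reports, which is a convenient end-to-end test.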

MITRE ATT&CK Framework Reference Workbook for Azure Sentinel Updated with Latest Techniques

The MITRE Corporation today announced some changes to its tactics and techniques, including the sunsetting of the PRE-ATT&CK component that was only recently announced. Per the release page: Retirement of PRE-ATT&CK - This release deprecates and removes the PRE-ATT&CK domain from ATT&CK, replacing its scope with two new Tactics in Enterprise ATT&CK: Reconnaissance and Resource Development. … Continue reading MITRE ATT&CK Framework Reference Workbook for Azure Sentinel Updated with Latest Techniques

What is the app@sharepoint Account in my Azure Sentinel Data?

This is just a quick blog post for clarification purposes. We've had some internal discussion around this, but what prompted this blog post is the number of customers who've also asked about it recently. Because we're continuing to improve the data and types of data that are exposed through our table schema and automated … Continue reading What is the app@sharepoint Account in my Azure Sentinel Data?