Experience Azure Sentinel with Our New Interactive Learn Guide

We're putting together quite a number of resources to help Azure Sentinel customers, and those curious about Azure Sentinel, get a better understanding of how the product works and how it helps monitor the environment for potential threats. For earlier Learn guides see: Azure Sentinel Learning Path Now Available and New Azure Sentinel Learning Modules Released. A new …

Azure Sentinel SecurityIncident Table Hits General Availability

Many have already been taking advantage of the SOC operation metrics in the SecurityIncident table for Azure Sentinel. This table provides overall efficiency metrics and measures to gauge the performance of your team. Per https://docs.microsoft.com/en-us/azure/sentinel/manage-soc-with-incident-metrics: Every time you create or update an incident, a new log entry will be added to the table. This allows …

Worth knowing: Multiple Execution Failures Force Azure Sentinel Analytics Rules to Auto-disable

Rare? Yes... this is a rare enough situation that I've seen it only once, and only recently. And, thanks to a customer exposing me to this occurrence, I'm a bit smarter. I love it when I get to learn new things about Azure Sentinel. As shown in the image, a customer had located several Scheduled …

New Timeline View in Azure Sentinel Incidents Details in Public Preview

A new public preview has begun rolling out today that takes some of the Timeline details from the Investigation Graph and makes them available directly in the Incident details. This capability exposes some of the important pieces of the Investigation Graph to enable a quick understanding of the storyline of …

Azure Sentinel Cybersecurity Maturity Model Certification (CMMC) Workbook Redux

In preparation for the new Cybersecurity Maturity Model Certification (CMMC) from the Department of Defense (DoD), many of our customers and partners have asked for more information on how to prepare for audits and to maintain compliance. Mandatory review of DOD's compliance on CMMC is delayed somewhat, but that gives organizations more time to prepare. …

How to Monitor the Microsoft AlwaysOn VPN with Azure Sentinel

If you want to have the information from the Microsoft AlwaysOn VPN in Azure Sentinel, do the following: [1] Make sure you have the Azure Monitor Agent (MMA, Log Analytics Agent) installed and are collecting the Application log. This requires that the SecurityEvent Data Connector be enabled, btw. Add the Application log to the Agent Configuration …

How to Factor in the Azure Sentinel Automation Delay

Using a mixture of Automation Rules and Playbooks, you can develop some effective automation around common responses to Incidents in Azure Sentinel. The Automation Rules feature is new and complements the original Playbooks feature extremely well. In some cases, an Automation Rule is all that's needed. But it's important to understand a slight nuance in …

Microsoft Security Insights Podcast Cage Match

Just a heads-up about a fast-approaching event. On Wednesday evening (March 31st at 6pm EST), the Microsoft Security Insights Podcast is inviting all previous guests back for an all-hands event to supply a round-table on Microsoft security topics. The topics are wide open, and if you join the Twitch stream, you can ask …

How to Add ADFSSignInLogs to Azure Sentinel

A recent enhancement to the Diagnostic Settings for Azure AD allows you to add the AD FS sign-in information to be used in your Azure Sentinel environment. This is a long-awaited capability. To enable the ADFSSignInLogs to be available in your Azure Sentinel environment, modify the Diagnostic Setting for Azure AD that was created …

How to Reenable Analytics Rules Disabled by Enabling the Microsoft 365 Defender (Preview) Alerts

I've seen a few questions around this recently, so it's worth highlighting here. The Microsoft 365 Defender connector is in public preview and the intent for this connector is to eventually consolidate all the Defender-type service connections into a single connector. Awesome intent. Logical. However, because it's in preview, it's not quite at full capability …