There have been some enhancements to the permissions available to apply as roles to the Azure Sentinel service and some new recommendations that are worth highlighting here. These enhancements have filtered into our documentation without any fanfare, so they are easy to miss. Azure Sentinel Automation Contributor allows Azure Sentinel to add playbooks to automation rules. … Continue reading Adjustments to Azure Sentinel Permissions →

There's been a lot of talk recently about how long to actually store active data in a SIEM and then what to do with that data once it's no longer relevant to active operations. With Azure Sentinel, you get 90 days of active data retention. After that, you'll want to export it to cold storage … Continue reading Moving Azure Sentinel Data to ADX for Long Term Storage →

Called out in the Notes section for the new version of Entity Mapping for Azure Sentinel, there's some tidbits of good and important information you should all be aware of. I've had several questions around this recently and a lot of times there's nothing better than the good, old docs. I'm going to expose the … Continue reading Important Changes in the New Entity Mapping Feature for Azure Sentinel →

An unceremoniously released feature is now available in Azure Workbooks that also works with your Azure Sentinel Workbooks. This has been a much anticipated enhancement - particularly for those organizations that want to display Workbooks as dashboards on large SOC screens. Configure the schedule so that you're always looking at and working with the most … Continue reading How to Auto-refresh Your Azure Sentinel Workbook Data →

A new calculator is available that allows you to get the full economic value of utilizing Azure Sentinel. From the calculator: This interactive model is based upon the Forrester Consulting study, The Total Economic Impact of Microsoft Azure Sentinel, commissioned by Microsoft. Working with Microsoft customers, Forrester identified and quantified key benefits of investing in … Continue reading How to Determine the Total Economic Impact of Azure Sentinel →

Buried deep into each Incident is a location to determine which automations have been run against the Incident you are working with. This is a good spot to help determine if automation is working. This area will show those that have been run both manually against the Incident and those that were run against the … Continue reading How to See Which Playbooks Have Run Against an Azure Sentinel Incident →

Announced on Wednesday, Automation Rules (and the new Automation blade) for Azure Sentinel have now been made available in the console. There's two types of SOAR capability in Azure Sentinel now: Playbooks (which is what you're already familiar with) and Automation Rules. As I like to do here on this blog, I'll circle back and … Continue reading New Resources for Azure Sentinel Automation Rules →