Subtle Azure Sentinel Console Change in New Content Management Area

For those Azure Sentinel customers digging into the console this morning, you'll notice a slight change in the layout. Solutions and Community have been pulled from their original spot under the Configuration area and placed in a new Content Management section. Solutions seems a tad bit out of place and it really seems like News …

How to Add the New Azure Sentinel Hunting Columns for MITRE Techniques, Results Delta, and Results Delta Percentage

Those sneaky Azure Sentinel engineers! A few new data points have shown up in the Azure Sentinel console, specifically in the Hunting section. These data points are available as new columns in the Hunting display and include:

MITRE ATT&CK Techniques - This is the more specific technique that's associated with the base tactic. You can …

How to Locate Installed LA Agents and Whether They Are On-prem or in Azure

My colleague, Sonia Cuff, recently posted a great article on how to find your Azure Log Analytics agent deployments in preparation for the Azure Monitor agent. In the article, she presents a couple of different ways to locate the Log Analytics agent, including PowerShell and the Log Analytics service console itself. There's also another way …

How to Subscribe to the Azure Security Center Wrap Newsletter

The Azure Sentinel newsletter "experiment" I started a few months ago is a confirmed success. It's become a wildly popular weekly Inbox insert for many, and subscriber growth is still steadily increasing. And, for those that don't care for yet another newsletter, there's also a huge following for direct access through the social media …

How to Prepare to Obtain the Azure Sentinel Notebooks Ninja Certificate

Our first Azure Sentinel Notebooks Ninja public training is on tap. For those that have already registered, the first session is scheduled for September 30, 2021. If you want to be included in additional training sessions, register using the form: https://cda.ms/2D1 As a lead-up to our first public-facing Azure Sentinel Notebooks training session and the upcoming …

Duplicate Content After Deploying an Azure Sentinel Solution

I've been asked this a couple of times recently and thought it necessary to expose and highlight. When you deploy an Azure Sentinel solution, it creates the content in the Azure Sentinel environment that's associated with the solution. Things like Analytics Rules, Workbooks, Data Connectors, Parsers, Hunting Queries, etc. that are necessary for the Solution to …

How to Get Time Range Help Directly in the Azure Sentinel Console

There's been a mighty effort over the last several months to include helpful links and information directly in the Log Analytics workspace for Azure Monitor, which, thankfully, is also available to Azure Sentinel customers in the Logs blade. A recent update makes getting better information around Time Range syntax quicker and easier, and I'm …

How to Create a Pie Chart Showing Threat Protection Signature Versions

If you'd like to get a sense of the versions of the threat protection signature files that are installed in your environment, here's a quick KQL query to do that.

ProtectionStatus
| project DeviceName, ThreatStatus, TenantId, ProtectionStatus, SignatureVersion, ScanDate, ProtectionStatusDetails
| summarize sig_count=count() by SignatureVersion
| render piechart by sig_count

This particular KQL query displays …

How to Send Feedback to the Azure Sentinel Notebook Team

There's a mighty effort underway to ensure that Azure Sentinel customers have as much knowledge and understanding about the Notebooks feature as possible. Azure Sentinel Notebooks is a valuable asset for investigative and hunting analysts alike. There's an introductory blog post available now that is a complement to the upcoming free training series. See: Becoming …