Azure Sentinel Learning Path Now Available

For those who want a good kickstart on learning Azure Sentinel over the holiday, Microsoft has recently finalized the full set of Learn modules. For the past couple of months the only module available was an Introduction session, but now the following modules make up the full list: Introduction to Azure Sentinel; Deploy Azure Sentinel and connect …

Beginning in 2021 Shared Reports is Your Only Save Option for Azure Sentinel Workbooks

Saw this today when I was adding a new Workbook to my Azure Sentinel environment for a customer demo and thought it worth passing along. The ability to save workbooks as Private Workbooks is going away by early 2021. You will still be able to access your private workbooks, but any edit or save …

Incident Settings Tab in Analytics Rules Wizard Comes out of Preview in Azure Sentinel

Just a quick heads-up for those who have been waiting for this to happen. The Incident Settings tab in the Analytics Rules creation/modification wizard has dropped its (Preview) tag and is out of public preview as of this week. I actually noticed it during a customer workshop session on Tuesday. I'll follow up with some information about …

New Feature: Indicator to Show When New Analytics Rules are Available in Azure Sentinel

Over the past several days, our teams at Microsoft have worked feverishly to put together guidance and content to help customers impacted by the SolarWinds hack. Specific to Azure Sentinel, see: How to Use Azure Sentinel to Detect SolarWinds SUNBURST. In addition to supplying Analytics Rules, a Workbook, and a Notebook for customers to deploy …

How to Use Azure Sentinel to Detect SolarWinds SUNBURST

The teams at Microsoft have been working over the past several days to put together some content for Azure Sentinel customers who may be affected by the recent SolarWinds Orion hack. UPDATE: After this original post, the Microsoft teams delivered a more comprehensive post and are continually updating it. See that here: SolarWinds Post-Compromise Hunting …

How to Report When an Azure Sentinel Analytics Rule is Deleted

In this next chapter of producing alerts in Azure Sentinel for "watching the watchers", here's a KQL query that can be used as an Analytics Rule or in a Workbook to report when an Analytics Rule is deleted and who did it. The hope is that you can trust your colleagues and security team members, …
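An added example of the kind of "watching the watchers" query the post describes; it is not the post's own query. It reads Analytics Rule deletions out of the AzureActivity table, which requires the Azure Activity data connector to be enabled for the subscription hosting the workspace, since rule deletions are Azure Resource Manager operations against Microsoft.SecurityInsights resources rather than events inside the workspace itself. The exact operation-name string, the status values and the 90-day lookback are assumptions about how those ARM operations land in AzureActivity, so confirm them against your own data before scheduling this as a rule.

```kql
// Added example, not from the original post: report Azure Sentinel Analytics Rule
// deletions and who performed them.
// Assumes the Azure Activity connector is populating the AzureActivity table.
// The operation name below is an assumption; confirm the exact value in your data with:
//   AzureActivity | where OperationNameValue has "SecurityInsights" | distinct OperationNameValue
AzureActivity
| where TimeGenerated > ago(90d)
| where OperationNameValue =~ "MICROSOFT.SECURITYINSIGHTS/ALERTRULES/DELETE"
// ARM logs a Start and a Success/Failure record for the same operation; keep only the
// record that actually removed the rule (older schema used "Succeeded", newer uses "Success").
| where ActivityStatusValue in~ ("Success", "Succeeded")
// The rule's ID is the last segment of the resource ID that was deleted
| extend ResourceParts = split(_ResourceId, "/")
| extend DeletedRuleId = tostring(ResourceParts[array_length(ResourceParts) - 1])
| project TimeGenerated, Caller, CallerIpAddress, DeletedRuleId,
          ResourceGroup, SubscriptionId, CorrelationId, _ResourceId
| order by TimeGenerated desc
```

When this is saved as a scheduled Analytics Rule, map Caller to the Account entity and CallerIpAddress to the IP entity so the resulting incident carries who did it and from where. Keep in mind that the rule watching for deletions can itself be deleted; the AzureActivity record of that deletion still exists in the workspace, so surfacing the same query in a Workbook gives a second, independent view.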

Achieving SOC Operational Efficiency for Azure Sentinel Hunting – the Replay

I had a fantastic time delivering this session yesterday for the Microsoft Cloud and Client Management Community (@mc2mcbe). This is the final version (until I update it with new information) of this session, which is the first in a series of efficiency sessions I'm developing for Azure Sentinel. So stay tuned for more. I believe at …

A few important updates to the Azure Sentinel CEF Connector

The CEF connector in Azure Sentinel has received some necessary updates, and the docs have already been updated to reflect the changes. Docs: Connect your external solution using Common Event Format. For those who have been working with this connector, it's worthwhile to see what's changed. Here's what's new... The command-line to install the CEF …