Join the Launch of Microsoft Security Insights on Microsoft Reactor

On April 20th, my colleagues and I will be kicking off a new journey for the Microsoft Security Insights podcast. We will be kicking off our first-ever Microsoft Reactor show, joined by our inaugural guest, Matt Soseman, Senior Program Manager in the Identity & Network Access Division. If you missed it, read the reasons and behind …

Introducing a New Series Called Security Rodcasts

Customers are inundated with the ever-flowing stream of updates to all of our services and products. I know it's hard to keep up, and it's even harder to commit time to learn about all the new stuff. I've mulled for a time how to deliver bite-sized nuggets of Microsoft Security information in a way that …

How to Quickly Tell Which Microsoft Sentinel Tables are Configured as Basic Logs

Basic Logs, of course, is a preview feature for Microsoft Sentinel that gives customers a cheaper, but more limited, way to ingest large-volume, low-security-value logs. If you've not heard of this new feature yet, check out the following recent articles to catch up: When to Use and When NOT to Use Basic …

The Microsoft Security Insights Podcast is Coming to Microsoft Reactor

For fans of the weekly Microsoft Security Insights podcast, Frank, Edward, Brodie, and I have some awesome news to share. The popularity of the podcast continues to grow. Not only is the listener audience in an exploding growth spurt, but there are many security experts coming out of the woodwork asking to come on the …

How to Redeploy ASIM for Microsoft Sentinel

I've not personally experienced the scenario, but I have heard from others who have: it's possible that the Advanced Security Information Model (ASIM) needs to be redeployed or removed. When ASIM is deployed, a number of KQL functions are installed. These KQL functions provide the parsing intelligence and are important for ASIM to work in normalizing …

All the Ways to Read the Weekly Newsletters for Microsoft Sentinel and Microsoft Defender

The weekly newsletters for Microsoft Sentinel and Defender continue to skyrocket in subscribers. It's amazing how far each of these resources has come and how dedicated and loyal the inbox subscribers are. But there are many out there who prefer not to receive yet another newsletter in their inbox, or who would like to sample …

Addicted to KQL Part 0: The Wit and Wisdom of Standard Columns in Azure Monitor Logs

The Addicted to KQL series is an ongoing, advanced series for KQL. For beginning topics, don't start here. Instead, see the original Must Learn KQL series. The series TOC, along with the currently completed chapters, sample queries, series images, and even the series eBook, will always be located at the following shortlink: https://aka.ms/Addicted2KQL

I have a …

The Basic Logs for Microsoft Sentinel KQL Limitations

In a recent post that caught a lot of attention, I outlined the do's and don'ts for using the Basic Logs feature with Microsoft Sentinel. See: When to Use and When NOT to Use Basic Logs with Microsoft Sentinel. One of the limitations of Basic Logs is that it only supports a subset of the KQL …

How to Locate the Microsoft Sentinel Free Benefit in Cost Management + Billing

There are a couple of ways to identify that the free benefit (https://aka.ms/SentinelOffer) for Microsoft 365 E5, A5, F5 and G5 customers has kicked in. The first is the most obvious. We've included a Microsoft Sentinel Cost Workbook in the Microsoft Sentinel console that shows the applicable data flow. But what if …