Azure Sentinel Learning Path Now Available
For those that want a good kickstart on learning Azure Sentinel over the holiday, Microsoft has recently finalized the full set of Learn modules. For the past couple of months the only module available was an Introduction session, but now the following modules make up the full list: Introduction to Azure Sentinel, Deploy Azure Sentinel and connect …
Author: Rod Trent
Beginning in 2021 Shared Reports is Your Only Save Option for Azure Sentinel Workbooks
Saw this today when I was adding a new Workbook to my Azure Sentinel environment for a customer demo and thought it worthy to pass along. The ability to save workbooks as Private Workbooks is going away by early 2021. You will still be able to access your private workbooks, but any edit or save …
Incident Settings Tab in Analytics Rules Wizard Comes out of Preview in Azure Sentinel
Just a quick heads-up for those that have been waiting for this to happen. The (Preview) tag for the Incident Settings tab in the Analytics Rules creation/modification wizard was dropped this week as the feature left public preview. I actually noticed it during a customer workshop session on Tuesday. I'll follow up with some information about …
New Feature: Indicator to Show When New Analytics Rules are Available in Azure Sentinel
Over the past several days, our teams at Microsoft have worked feverishly to put together guidance and content to help customers impacted by the SolarWinds hack. Specific to Azure Sentinel, see: How to Use Azure Sentinel to Detect SolarWinds SUNBURST. In addition to supplying Analytics Rules, a Workbook, and a Notebook for customers to deploy …
How to Use Azure Sentinel to Detect SolarWinds SUNBURST
The teams at Microsoft have been working over the past several days to put together some content for Azure Sentinel customers who may be affected by the recent SolarWinds ORION hack. UPDATE: After this original post, the Microsoft teams delivered a more comprehensive post and are continually updating it. See that here: SolarWinds Post-Compromise Hunting …
How to Report When an Azure Sentinel Analytics Rule is Deleted
In this next chapter of producing alerts in Azure Sentinel for "watching the watchers", here's a KQL query that can be used as an Analytics Rule or in a Workbook to report when an Analytics Rule is deleted and who did it. The hope is that you can trust your colleagues and security team members, …
Achieving SOC Operational Efficiency for Azure Sentinel Hunting – the Replay
I had a fantastic time delivering this session yesterday for the Microsoft Cloud and Client Management Community (@mc2mcbe). This is the final version (until I update it with new information) of this session, which is the first in a series of efficiency sessions I'm developing for Azure Sentinel. So stay tuned for more. I believe at …
A few important updates to the Azure Sentinel CEF Connector
The CEF connector in Azure Sentinel has received some necessary updates, and the docs have already been updated to reflect the changes. Docs: Connect your external solution using Common Event Format. For those that have been working with this connector, it's worthwhile to see what's changed. Here's what's new... The command-line to install the CEF …
How to Connect Crowdstrike to Azure Sentinel
I've been extra busy lately trying to close things out before taking a much needed break. This will be the first set of days I've taken off this year, believe it or not. I didn't realize that until I had a minute to sit and think about it. A few more Azure Sentinel workshop sessions …
How to Get Splunk Data into Azure Sentinel
This is not a deep, beefy blog post, but more of an announcement post for those that have been wanting an easier way to get Splunk data into Azure Sentinel to tie the two systems together. I've worked with a number of customers over the last year that are either wanting to move to Azure …