How to Identify Log Sources Required to Expose Specific Activity in Azure Sentinel

From time-to-time, customers ask about an MVP - or Minimum Viable Product - when discussing standing up Azure Sentinel. An MVP would be the base configuration (with all connectors, analytics rules, workbooks, etc.) for the environment. Unfortunately, this is a gray area, and it concludes with the most famous Microsoft response to ever be issued: … Continue reading How to Identify Log Sources Required to Expose Specific Activity in Azure Sentinel →

Is it Time for an Analyst Assistant for Azure Sentinel?

Just a fun little blog post. Nothing serious here, just wanted to bring some joy into your life. I posted earlier about our new Incident Response Playbooks. These are awesome. And, if more of these are made available consistently, SOCs will have a great resource with which to build policies, procedures, and workflows specific to … Continue reading Is it Time for an Analyst Assistant for Azure Sentinel? →

Incident Response Playbooks are the Guidance You Need

A new section has been developed and released in our Security Best Practices section of the docs platform. With hope that this will be built out further and we'll see additional guidance released, the Incident Response Playbooks section contains the following to start: PhishingPassword sprayApp consent grant Bookmark this page and watch for updates. These … Continue reading Incident Response Playbooks are the Guidance You Need →

How to Get Prepped to Take the SC-200 Exam

The SC-200 exam is for the Microsoft Security Operations Analyst and contains questions and content about Azure Defender and Azure Sentinel. Its not a tough exam, by any means - particularly if you have worked with Defender and Sentinel for any length of time. Here's the skills that are measured with their approximate percentages of … Continue reading How to Get Prepped to Take the SC-200 Exam →

How to Know the Azure Sentinel Feature Differences Between Government and Commercial Clouds

This has been one of the most popularly requested asks for Azure Sentinel customers for the last many months: How can I tell the feature differences between the government cloud and the commercial cloud for Azure Sentinel? Well, you no longer have to guess - or as I've done - maintained separate gov't and commercial … Continue reading How to Know the Azure Sentinel Feature Differences Between Government and Commercial Clouds →

Three New 1st Party Data Connectors for Azure Sentinel Hit GA

In case you missed it, there three new Microsoft Data Connectors available for Azure Sentinel. These new connectors are mechanisms that create Diagnostic Settings for the Azure services using the Azure Policy wizard. Azure Policy Wizard The Azure Active Directory Connector works similarly, but created the Diagnostic Setting in a different way. The following are … Continue reading Three New 1st Party Data Connectors for Azure Sentinel Hit GA →

Come Join Me in an Upcoming Webinar Talking Azure Sentinel with Difenda

I'm happy to announce I'll be joining a great partner, Difenda, on May 13th at 2pm EST to talk shop about Azure, security, and of course -- Azure Sentinel. Difenda is a Microsoft Gold partner that specializes in Azure Sentinel deployment, configuration, and optimization. I hope you can all register to join. They tell me … Continue reading Come Join Me in an Upcoming Webinar Talking Azure Sentinel with Difenda →

How to Get UEBA Costs for Azure Sentinel

The cost for UEBA is nominal and based on the amount of data that is analyzed. Your costs will vary depending several factors. However, the following KQL query can be used to get the estimated cost of the solution. union withsource=TableName1 * | where TimeGenerated > ago(30d) //In the last 30 days | summarize Entries … Continue reading How to Get UEBA Costs for Azure Sentinel →

Native Azure Sentinel Data Connector to Ingest AWS CloudTrail Logs

My good friend, Sreedhar Ande, who was a guest on the recent Microsoft Security Insights podcast episode and is the author of the fabulous PowerShell script to automating the export of Azure Sentinel data to long-term storage, has come up with another fantastic offering. Sreedhar has developed and released a data connector for ingesting AWS … Continue reading Native Azure Sentinel Data Connector to Ingest AWS CloudTrail Logs →

Microsoft Security Insights Twitch Stream with Sreedhar Ande, Evel Knievel, and Azure Sentinel Long-term Storage

If you missed the live podcast even on April 21st, the replay stream is available on Twitch.TV. In this week's episode, Sreedhar Ande is onboard talking about his PowerShell solution that automates and simplifies sending Azure Sentinel data to long-term storage in ADX. He also outlines some of the current limitations and a little about … Continue reading Microsoft Security Insights Twitch Stream with Sreedhar Ande, Evel Knievel, and Azure Sentinel Long-term Storage →