The Easy Way to Get the ARM Deployment Template for a Microsoft Sentinel Solution

If you need the deployment (ARM) template for any Microsoft Sentinel Solution, there's an easy way in the UI to obtain it. The ARM template will allow you to deploy the Solution using your favorite DevOps method. Once you locate the Solution you want to install, begin the actual, normal installation process. When you get …

Easy Way to Build KQL Query Templates for Azure Services

If you want KQL queries to monitor general Azure services, there's actually a pretty easy, quick way to build them. This is not a hidden feature, by any means, but probably (for some of you) something that you've overlooked hundreds of times. In the Azure portal, when you access a number of Azure services, there's …

A Replacement for the Defunct Anomali Limo Feeds in Microsoft Sentinel

When I noted that the free Anomali Limo feeds that everyone was using for TI in Microsoft Sentinel were going to be sunsetted, there was woe and anguish and then immediate questions about what to replace them with. Unfortunately, we didn't have much control over this. This was a decision by Anomali. Just now realizing …

Security Sessions for Microsoft Ignite 2022

Whether you're attending in-person or virtually, there's plenty to enjoy about Microsoft Ignite this year. Unfortunately, I won't be onsite this year, but I will still be participating in the event remotely. I have a couple sessions I'm participating in. For one, I'm speaking - for the other I'm moderating. Speaking: Learn Live: Plan for …