Adjustments to Azure Sentinel Permissions

There have been some enhancements to the permissions available to apply as roles to the Azure Sentinel service and some new recommendations that are worth highlighting here. These enhancements have filtered into our documentation without any fanfare, so they are easy to miss. Azure Sentinel Automation Contributor allows Azure Sentinel to add playbooks to automation rules. … Continue reading Adjustments to Azure Sentinel Permissions

Moving Azure Sentinel Data to ADX for Long Term Storage

There's been a lot of talk recently about how long to actually store active data in a SIEM and then what to do with that data once it's no longer relevant to active operations. With Azure Sentinel, you get 90 days of active data retention. After that, you'll want to export it to cold storage … Continue reading Moving Azure Sentinel Data to ADX for Long Term Storage

Important Changes in the New Entity Mapping Feature for Azure Sentinel

Called out in the Notes section for the new version of Entity Mapping for Azure Sentinel, there are some tidbits of good and important information you should all be aware of. I've had several questions around this recently, and a lot of times there's nothing better than the good, old docs. I'm going to expose the … Continue reading Important Changes in the New Entity Mapping Feature for Azure Sentinel

How to Auto-refresh Your Azure Sentinel Workbook Data

An unceremoniously released feature is now available in Azure Workbooks that also works with your Azure Sentinel Workbooks. This has been a much anticipated enhancement - particularly for those organizations that want to display Workbooks as dashboards on large SOC screens. Configure the schedule so that you're always looking at and working with the most … Continue reading How to Auto-refresh Your Azure Sentinel Workbook Data

How to Determine the Total Economic Impact of Azure Sentinel

A new calculator is available that allows you to get the full economic value of utilizing Azure Sentinel. From the calculator: This interactive model is based upon the Forrester Consulting study, The Total Economic Impact of Microsoft Azure Sentinel, commissioned by Microsoft. Working with Microsoft customers, Forrester identified and quantified key benefits of investing in … Continue reading How to Determine the Total Economic Impact of Azure Sentinel

Replay Now Available: Microsoft Security Insights with Chris Boehm and Jing Nghik

If you missed the live event last week when Nathan Swift and I took over the Microsoft Security Insights Podcast and Twitch stream, the replay is now available: Audio Podcast: http://microsoftsecurityinsights.com/043-azure-sentinel-with-chris-boehm-and-jing-nghik Twitch TV: https://www.twitch.tv/videos/953205246 … Continue reading Replay Now Available: Microsoft Security Insights with Chris Boehm and Jing Nghik

How to See Which Playbooks Have Run Against an Azure Sentinel Incident

Buried deep into each Incident is a location to determine which automations have been run against the Incident you are working with. This is a good spot to help determine if automation is working. This area will show those that have been run both manually against the Incident and those that were run against the … Continue reading How to See Which Playbooks Have Run Against an Azure Sentinel Incident

How to Import One or Multiple Analytics Rules into Azure Sentinel

There are a few PowerShell options out there (including the official module) to help automate content and collateral deployment to your Azure Sentinel workspace. But this latest one from Jan Geisbauer is highly recommended. Jan notified me about this late last week, and after some testing, I can say it's a very worthwhile PowerShell module to … Continue reading How to Import One or Multiple Analytics Rules into Azure Sentinel

New Resources for Azure Sentinel Automation Rules

Announced on Wednesday, Automation Rules (and the new Automation blade) for Azure Sentinel have now been made available in the console. There are two types of SOAR capability in Azure Sentinel now: Playbooks (which is what you're already familiar with) and Automation Rules. As I like to do here on this blog, I'll circle back and … Continue reading New Resources for Azure Sentinel Automation Rules

Azure Active Directory SigninLogs Still Requires a License to Stream to Azure Sentinel

In "Azure Sentinel can now Analyze All Available Azure Active Directory Log Files", I noted that... Additionally, you may also notice that there is no longer a need for any kind of AAD license (P1/P2) for Sentinel customers to stream AAD logs. I found out just recently that this isn't entirely true. I was correct initially, … Continue reading Azure Active Directory SigninLogs Still Requires a License to Stream to Azure Sentinel