How to Detect Kaseya REvil Ransomware with Azure Sentinel

Working with a couple of customers, and with colleagues whose customers are either impacted by, or curious whether they might be impacted by, the recent Kaseya REvil situation, the following KQL query was developed as a detection. This should work in all environments, but after testing it you find a …

How to Know When Data Retention Values Have Changed for Azure Sentinel

In another entry in the "Watching the Watchers" series: customers periodically ask to be notified when, or at least to know when, the Log Analytics workspace data retention changes. Here's a quick KQL query to accomplish that: union Operation | where OperationStatus == "Succeeded" | where OperationCategory == "Workspace Configuration" | project TimeGenerated, Detail …
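Fleshing that out into a query you could schedule as an analytics rule, as an added example and not the post's own query: it keeps the Operation-table filters from the excerpt above and adds a parse of the old and new day counts out of Detail. The exact wording of Detail, and therefore the regular expression, is an assumption; check it against a real retention-change event in your workspace before relying on the parsed columns.

```kusto
// Added example, not the original post's query.
// Assumes a successful retention change is recorded in the Operation table
// with OperationCategory "Workspace Configuration" and a Detail string that
// mentions "retention" and the old and new values in days (assumed format).
Operation
| where TimeGenerated > ago(30d)
| where OperationStatus == "Succeeded"
| where OperationCategory == "Workspace Configuration"
| where Detail has "retention"
// Pull every "<n> days" occurrence out of the message; the first is assumed
// to be the previous value and the second the new value.
| extend Days = extract_all(@"(\d+)\s*days?", Detail)
| extend OldRetentionDays = toint(Days[0]), NewRetentionDays = toint(Days[1])
// A shortened retention window is the change a SOC most wants to hear about,
// since it silently reduces how far back investigations can look.
| extend Shortened = NewRetentionDays < OldRetentionDays
| project TimeGenerated, OldRetentionDays, NewRetentionDays, Shortened, Detail
| order by TimeGenerated desc
```

If you wire this into a scheduled rule, run it on a short cadence (every hour over the last hour works) rather than the 30-day window used here for ad hoc review, and consider alerting at a higher severity when Shortened is true.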

How to Track PrintNightmare with Azure Sentinel

There's been a recent flurry around what folks are calling #PrintNightmare. It has been identified as a Print Spooler flaw with POC code available. For those customers wanting to know more about this, see: Windows Admins Scrambling to Contain 'PrintNightmare' Flaw Exposure | SecurityWeek.Com. There are a couple of things you can do to start: Install the …
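One way to start tracking spooler activity in Azure Sentinel while the patch rolls out, as an added example that is not the post's own query: look for printer driver installs in the PrintService operational log and for the spooler service spawning child processes. This assumes the Microsoft-Windows-PrintService/Operational channel is being collected into the Event table and that Security event 4688 with command-line auditing is flowing into SecurityEvent; the event ID and path filters are assumptions to tune for your environment, not facts taken from the post.

```kusto
// Added example, not the original post's query.
// Assumptions: (a) Microsoft-Windows-PrintService/Operational is onboarded
// into the Event table; (b) SecurityEvent contains 4688 process-creation
// events with command-line logging enabled. Tune IDs and paths locally.
let lookback = 7d;
// Part 1: a printer driver was added or updated (PrintService/Operational,
// event ID 316 is assumed to be the "driver added or updated" event).
let driverAdds = Event
| where TimeGenerated > ago(lookback)
| where EventLog == "Microsoft-Windows-PrintService/Operational"
| where EventID == 316
| project TimeGenerated, Computer,
          Activity = "Printer driver added or updated",
          Detail = RenderedDescription;
// Part 2: spoolsv.exe spawning a child process. On a healthy host the
// spooler rarely launches anything, so any hit is worth a look, especially
// one that follows a driver install on the same machine.
let spoolerChildren = SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID == 4688
| where ParentProcessName endswith @"\spoolsv.exe"
| project TimeGenerated, Computer,
          Activity = "Child process of spoolsv.exe",
          Detail = strcat(NewProcessName, " ", CommandLine),
          Account;
// Interleave both signals per host so an analyst sees the sequence.
driverAdds
| union spoolerChildren
| order by Computer asc, TimeGenerated asc
```

Run it first as a hunting query to learn what "normal" driver churn looks like on print servers; once the noise is understood, the spooler-child half is the better candidate for a scheduled analytics rule.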

How to Use the Watchlists Logic App Connector for Azure Sentinel

There are currently two Logic App Connectors for Azure Sentinel that allow you to work with Watchlists. Until the recent Watchlists update that brought the ability to modify existing Watchlists, neither of these connectors worked. Currently, you can't create a brand-new Watchlist using either of them; you can only update existing …

How to Create an Azure Sentinel SOC Alerting System

The Azure Sentinel Hackathon has my creative juices in full swing. For my first feat, I talked earlier this week about How to Build an Alexa Skill to Report Critical Azure Sentinel Incidents Generated Overnight. I'm still working on deeper integration for Alexa and Azure Sentinel, but as is the case, I keep having squirrel …

Replay: Azure Sentinel Fireside Chat – Part 2

So, my first Fireside Chat with our partner, Difenda, went so well that they invited me back for a Part 2! This was an absolute hoot and I truly enjoyed myself. In this particular event we dove into the partner ecosystem for Azure Sentinel. Our partner ecosystem is a strong one and encompasses the following areas: …

A Blog about a Blog: Upgrade Your Azure Sentinel AzureActivity Data Connector

I generally hate it when someone takes a blog post and writes an article or blog post about it. There are a number of websites that do this and it drives me nuts. HOWEVER, you're going to catch me doing this today, but for good reason: a significant change in a Data Connector is worth highlighting twice. …

How to Build an Alexa Skill to Report Critical Azure Sentinel Incidents Generated Overnight

A colleague of mine, Sonia Cuff, recently put together an interesting blog post about integrating Azure Monitor with LIFX lighting devices. See: How to display Azure Monitor alerts with smart lights and no code. That article really got my creative juices flowing. I've since ordered one of the LIFX light bulbs …

Hear about Modernizing the SOC for Efficiency Using Azure Sentinel at the Azure Summit in September

I'm happy to report I'll be bringing the Azure Sentinel goodness to one of the largest cloud events in September. How big is it? 50,000 attendees, 120 speakers, and 110 sessions. That's massive. And, I feel hugely blessed to be bringing the Azure Sentinel message to that audience. But, with that number of sessions on …

Not to Miss: Azure Sentinel Costs and Costs Management Webinar

Talking with customers regularly, I spend the first few minutes showing them the goodness and value of a cloud-based, hybrid and multi-cloud SIEM. Azure Sentinel is a SIEM+SOAR service that is growing quickly, and customers are thoroughly interested. But after those first few minutes of discussion and demo, the conversation always turns to cost. …