Is Moving the Sentinel Workspace to Another Resource Group or Subscription Supported?

This is a common question and one that needs both an answer and a Docs location to always find the answer. Digging around in the Microsoft Sentinel Docs may not yield the answer you're looking for. The answer is located in the Azure Monitor Doc for Workspace move considerations (URL: https://docs.microsoft.com/en-us/azure/azure-monitor/logs/move-workspace#workspace-move-considerations). Per the Doc: Currently, … Continue reading Is Moving the Sentinel Workspace to Another Resource Group or Subscription Supported?

How to Quickly Tell Which Microsoft Sentinel Tables are Configured as Basic Logs

Basic Logs, of course, is a preview feature for Microsoft Sentinel that enables customers a cheaper, but more limited way to ingest large volume, low security value logs. If you've not heard of this new feature yet, check out the following recent articles to catch up: When to Use and When NOT to Use Basic … Continue reading How to Quickly Tell Which Microsoft Sentinel Tables are Configured as Basic Logs

The Microsoft Security Insights Podcast is Coming to Microsoft Reactor

For fans of the weekly Microsoft Security Insights podcast, Frank, Edward, Brodie, and I have some awesome news to share. The popularity of the podcast continues to grow. Not only is the listener audience in an exploding growth spurt, but there are many security experts coming out of the woodwork asking to come on the … Continue reading The Microsoft Security Insights Podcast is Coming to Microsoft Reactor

How to Send Azure Storage Logs to Microsoft Sentinel

Just announced as generally available, I know many Microsoft Sentinel customers have been waiting to monitor Read, Write, and Delete operations for Storage accounts. To enable this for Microsoft Sentinel, you'll need to create a Diag Setting for each Storage account type and send the logs to the same Log Analytics Workspace as Microsoft Sentinel. … Continue reading How to Send Azure Storage Logs to Microsoft Sentinel

Quick Tip: Monitoring Log Analytics Issues for Microsoft Sentinel

Log Analytics issues are things that should be an important matter for Microsoft Sentinel customers, since the service runs on top of a Log Analytics workspace. And, as such, there should be a mechanism to monitor when issues have been reported. The Azure Monitor team maintains a status blog: https://cda.ms/3kB This blog produces alerts when … Continue reading Quick Tip: Monitoring Log Analytics Issues for Microsoft Sentinel