Microsoft Sentinel Cross-workspace Incidents View Limit Bumped to 30 Workspaces and/or Tenants

As of today, Microsoft Sentinel customers with larger deployments can get a much more expansive view of their environment. What was originally a 10 workspace/tenant limit has now reached GA at 30 workspaces/tenants. This enhancement is available for commercial and government clouds. Details are available in the "What's New" section of …

Adding a Custom Location to the Dropdown List of the User Map Workbook in Microsoft Sentinel

The User Map workbook in Microsoft Sentinel is a useful tool for showing device and user locations on a global map. As shown in the following image, there's a spot in this workbook that provides a dropdown list of common locations. Mine is a bit different from yours in that I've added Hong Kong to my …

“Server error Category A is not supported” message when enabling Microsoft Defender for Office 365 in the Microsoft Sentinel Connector

Recently, a few of us were confused by an error message that appeared when attempting to enable the Microsoft Defender for Office 365 option in the Microsoft 365 Defender connector for Microsoft Sentinel. Never having experienced something like this yourself makes it even more difficult to troubleshoot. You know the scenario: a user or customer …

Must Learn KQL Part 12: The Render Operator

This post is part of an ongoing series on the simplicity and power of the Kusto Query Language (KQL). If you'd like the 90-second post-commercial recap that seems to be a standard part of every TV show these days… The full series index (including code and queries) is located here: https://aka.ms/MustLearnKQL The book …

Building SOC Efficiency with Microsoft Sentinel

For those that missed it or had to walk away to do actual work during the event, here's my Building SOC Efficiency with Microsoft Sentinel talk for AzureFunBytes. One of these days, I'd love to complete this talk. It really deserves 3-4 hours instead of the 1 hour allotted for this event. But it was …

Must Learn KQL Part 11: The Summarize Operator

This post is part of an ongoing series on the simplicity and power of the Kusto Query Language (KQL). If you'd like the 90-second post-commercial recap that seems to be a standard part of every TV show these days… The full series index (including code and queries) is located here: https://aka.ms/MustLearnKQL The book …
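As an added illustration of the two operators these posts cover (summarize here, and render in Part 12 above), and not a query taken from the Must Learn KQL series itself: the query below counts failed sign-ins per hour per user over the last day and charts the result. It assumes the standard Microsoft Sentinel SigninLogs schema (TimeGenerated, ResultType, UserPrincipalName) and that a ResultType of "0" means a successful sign-in.

```kql
// Added example, not from the Must Learn KQL series.
// Assumes the Microsoft Sentinel SigninLogs table with its standard
// TimeGenerated, ResultType and UserPrincipalName columns.
SigninLogs
| where TimeGenerated > ago(1d)
| where ResultType != "0"          // "0" is a successful sign-in; anything else is a failure
| summarize FailedSignins = count()
    by bin(TimeGenerated, 1h), UserPrincipalName   // one row per user per hour
| render timechart                 // one line per UserPrincipalName, x-axis is the hour bucket
```

Drop the final `render` line to see the summarized table instead of the chart; swapping `timechart` for `barchart` works on the same output because the shape (a datetime column, a string column to split series on, and one numeric column) does not change.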

Cloud Service Provider Access to Microsoft Sentinel Content Hub

A few weeks ago an issue was raised by Cloud Service Providers (CSPs) that they could not access any Solutions in the newly released Content Hub for Microsoft Sentinel. When they attempted to enable a Solution, they were met with: "This offer is not available for subscriptions from Microsoft Azure Cloud Solution Providers". There's an …

Updated Log4j Microsoft Sentinel Solution Requires Manual Updating

A few short weeks ago now, during the initial reporting on Log4j, the Microsoft Sentinel team released a Solution for Log4j in the recently christened Content Hub. The first release (1.0.0) only supplied a couple of Analytics Rules, despite … This particular solution has now been updated. The update brings the solution to version 1.0.1 and now …

New Year’s Resolution: Must Learn KQL in 2022

For those that missed the notification, I'm still off of work until the first week of January. But I'm finding that I truly am a victim of tech FOMO. It's really hard for me to completely shut down and walk away. But this isn't a new phenomenon. I've experienced this my whole professional, adult life. …