The Easy Way to Get the ARM Deployment Template for a Microsoft Sentinel Solution

If you need the deployment (ARM) template for any Microsoft Sentinel Solution, there's an easy in the UI to way to obtain it. The ARM template will allow you to deploy the Solution using your favorite DevOps method. Once you locate the Solution you want install, begin the actual, normal installation process. When you get … Continue reading The Easy Way to Get the ARM Deployment Template for a Microsoft Sentinel Solution

A Replacement for the Defunct Anomali Limo Feeds in Microsoft Sentinel

When I noted that the free Anomali Limo feeds that everyone was using for TI in Microsoft Sentinel were going to be sun-setted there was woe and anguish and then immediate questions about what to replace them with. Unfortunately, we didn't have much control over this. This was a decision by Anomli. Just now realizing … Continue reading A Replacement for the Defunct Anomali Limo Feeds in Microsoft Sentinel

Security Sessions for Microsoft Ignite 2022

Whether you're attending in-person or virtually, there's plenty to enjoy about Microsoft Ignite this year. Unfortunately, I won't be onsite this year, but I will still be participating in the event remotely. I have a couple sessions I'm participating in. For one, I'm speaking - for the other I'm moderating. Speaking: Learn Live: Plan for … Continue reading Security Sessions for Microsoft Ignite 2022

Microsoft Sentinel Automation Rules Get Advanced Conditions

A new feature in Preview has just rolled out into customers' Microsoft Sentinel environments that has become one of the more popular asks and more evidence that the Microsoft teams work hard to deliver on customer requests. If you've ever felt that you needed just a bit more capability for Automation Rules, there are now … Continue reading Microsoft Sentinel Automation Rules Get Advanced Conditions