The Microsoft Security Operations Guide Contains Microsoft Sentinel Templates for Things to Monitor

Thanks to a huge collaborative effort, there's now some additional value in the Microsoft Security Operations Guide - specifically for Microsoft Sentinel customers. You can locate the full Security Operations Guide at the following link: https://cda.ms/3nn. Inside the guide, in each operations section, you'll find a Things to Monitor table. This table provides guidance and …

Must Learn KQL Part 4: Search for Fun and Profit

This post is part of an ongoing series to educate about the simplicity and power of the Kusto Query Language (KQL). If you'd like the 90-second post-commercial recap that seems to be a standard part of every TV show these days... The full series index, along with code and queries, is located here: https://aka.ms/MustLearnKQL The …

Must Learn KQL Part 3: Workflow

This post is part of an ongoing series to educate about the simplicity and power of the Kusto Query Language (KQL). If you'd like the 90-second post-commercial recap that seems to be a standard part of every TV show these days... The full series index (including code and queries) is located here: https://aka.ms/MustLearnKQL The book …

Must Learn KQL Part 2: Just Above Sea Level

This post is part of an ongoing series to educate about the simplicity and power of the Kusto Query Language (KQL). If you'd like the 90-second post-commercial recap that seems to be a standard part of every TV show these days... The full series index (including code and queries) is located here: https://aka.ms/MustLearnKQL The book …

How to Subscribe to the Azure Security Center Wrap Newsletter

The Azure Sentinel newsletter "experiment" I started a few months ago is a confirmed success. It's become a wildly popular weekly Inbox insert for many and the subscriber growth is still steadily increasing. And, for those that don't care for yet another newsletter, there's also a huge following for direct access through the social media …

How to Get the Network Security Dashboard for Security Center

There's a new dashboard in town for Azure Security Center. This particular dashboard (workbook) contains the following: Overview - a summary of all monitored network-related security components. Public IPs & Exposed Ports - Public IP and Asset Types and Ports Exposed to the Internet. Network Security Services - DDoS Protection Plans, Azure Firewalls and Firewall Policies, Azure WAF …

How to Control Deployment of Defender for Endpoint to your Linux machines

Azure Security Center now supports (in preview) the automatic deployment of Defender for Endpoint to your Linux machines. To enable this... [1] In Azure Security Center go to Pricing & Settings for the Security Center enabled subscription and then Integrations. [2] Click the Enable for Linux Machines (Preview) button and click Save. [3] Finally, verify …

Security Center Compliance Over Time Report Now in Public Preview

The Microsoft Security Center team has now released an integrated report that gives customers the ability to track compliance status over time. This is a valuable report to enable managers and workers to view continuing progress toward a compliant environment. The Compliance Over Time workbook requires continuous export to export data to a Log Analytics …

How to Obtain a Completion Certificate for Azure Security Center Ninja Training

Many of the Microsoft Ninja trainings have completion certificates available after a brief knowledge measure and a passing score. As of August 11th, this also goes for the Ninja training for Azure Security Center/Azure Defender. The knowledge measure for ASC consists of 30 questions. I've taken it myself and am pretty happy to say I …

Regulatory Compliance in Azure Security Center Workflow Automation Reaches GA

As you know, in Azure Security Center, Workflow Automation can be used to trigger Logic Apps when security center data changes. In February of this year, the ability to enable these triggers based on Regulatory Compliance changes entered preview. Today, this capability is now complete and released to GA. As shown below, you can now …