Exporting Events from Disconnected Systems to Ingest into Azure Sentinel

I had the occasion recently to work with a customer that had domain controllers that were disconnected from the Internet, but still wanted to ingest the server event logs into Azure Sentinel. Sifting through research, I found there's a myriad of ways to do it (including standing up a Log Analytics gateway) but one of …

Azure Sentinel Tip for Table Details and Descriptions

I wrote a recent article that talks about tips for doing Data Sampling for Azure Sentinel. Data Sampling is a method that allows the Sentinel Analyst to figure out where and what data exists in the Log Analytics workspace to help hone KQL queries to produce good data results. Read that here if you missed …

Tips for KQL Data Sampling as part of Azure Sentinel Investigations

When you're working against the data ingested in your Azure Sentinel Log Analytics workspace, you sometimes don't know right away exactly where the data exists or even what data is available. For example, what if you simply want to figure out if 'zoom.exe' exists in your data store? A lot of times someone has already …

Tip: Keeping Track of Azure Sentinel GitHub Updates

One of the suggested recommendations in the continuing Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel series is to keep track of updates for a variety of the Azure Sentinel components. Our GitHub repository is a valuable resource for new and updated KQL queries, Workbooks, etc. It is updated constantly by our Sentinel teams, …

Azure Sentinel Daily Task: Hunting Queries and Bookmarks

This is part of a continuing series in relation to the Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel, which outlines tasks for security analysts. In this article, I'll talk about investigating incidents as part of a daily regimen for an Azure Sentinel analyst. There are deeper discussions and training that are required to get a …