Native Azure Sentinel Data Connector to Ingest AWS CloudTrail Logs

My good friend, Sreedhar Ande, who was a guest on the recent Microsoft Security Insights podcast episode and is the author of the fabulous PowerShell script for automating the export of Azure Sentinel data to long-term storage, has come up with another fantastic offering. Sreedhar has developed and released a data connector for ingesting AWS … Continue reading Native Azure Sentinel Data Connector to Ingest AWS CloudTrail Logs

Microsoft Intune CSP for Google Chrome DISA STIG

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS), deeply involved in a project to configure Intune for managing AADJ laptops for a Federal customer's use. I've been working a lot lately on 'hardening' the laptops following DISA STIGs. As a result, I've developed a few Intune CSPs and security baselines to … Continue reading Microsoft Intune CSP for Google Chrome DISA STIG

Microsoft Security Insights Twitch Stream with Sreedhar Ande, Evel Knievel, and Azure Sentinel Long-term Storage

If you missed the live podcast event on April 21st, the replay stream is available on Twitch.TV. In this week's episode, Sreedhar Ande is onboard talking about his PowerShell solution that automates and simplifies sending Azure Sentinel data to long-term storage in ADX. He also outlines some of the current limitations and a little about … Continue reading Microsoft Security Insights Twitch Stream with Sreedhar Ande, Evel Knievel, and Azure Sentinel Long-term Storage

How to Drag-n-Drop hotfixes with Kudu

Nowadays, CI/CD is embedded in almost every modern software solution, which of course brings lots of benefits. However, sometimes you may need to skip the CI/CD steps just to try something directly on one of your environments. In such cases, you may not be interested in things like unit testing, security testing, resource creation, full deployment, … Continue reading How to Drag-n-Drop hotfixes with Kudu

How to Find the Enhanced Functions Capabilities in the Azure Sentinel Console

The Functions capability of Log Analytics has been enhanced, and it's worth knowing about these changes because some of the nuances can help you in your Azure Sentinel endeavors such as Hunting and Parsing. Take a look in your Azure Sentinel console along with the image below to get the comparison. Changes in Functions The … Continue reading How to Find the Enhanced Functions Capabilities in the Azure Sentinel Console

How to Use Microsoft Teams as a Frontend to Azure Sentinel

Jing has been working on a crazy-cool method to use Teams as a conduit between ServiceNow and Azure Sentinel to enable SOC teams to use Teams as the primary tool for quick identification of qualified Incidents. I've seen this in action several times and each time I'm left in awe. I'm just going to share … Continue reading How to Use Microsoft Teams as a Frontend to Azure Sentinel

Experience Azure Sentinel with Our New Interactive Learn Guide

We're putting together quite a number of resources to help Azure Sentinel customers, and those curious about Azure Sentinel, get a better understanding of how the product works and functions to help monitor the environment for potential threats. For earlier Learn guides see: Azure Sentinel Learning Path Now Available; New Azure Sentinel Learning Modules Released. A new … Continue reading Experience Azure Sentinel with Our New Interactive Learn Guide

Azure Sentinel SecurityIncident Table Hits General Availability

Many have already been taking advantage of the SOC operation metrics in the SecurityIncident table for Azure Sentinel. This table provides overall efficiency metrics and measures to gauge the performance of your team. Per https://docs.microsoft.com/en-us/azure/sentinel/manage-soc-with-incident-metrics: Every time you create or update an incident, a new log entry will be added to the table. This allows … Continue reading Azure Sentinel SecurityIncident Table Hits General Availability

Worth knowing: Multiple Execution Failures Force Azure Sentinel Analytics Rules to Auto-disable

Rare? Yes... this is a rare enough situation that I've only recently seen once - and only recently. And, thanks to a customer exposing me to this occurrence, I'm a bit smarter. I love it when I get to learn new things about Azure Sentinel. As shown in the image, a customer had located several Scheduled … Continue reading Worth knowing: Multiple Execution Failures Force Azure Sentinel Analytics Rules to Auto-disable

Azure Automanage – Simplify and optimize IT management with automated operations

Overview: Automanage is the latest approach to managing your virtual machines with optimized, automated operations across the entire VM lifecycle. This is a service that eliminates the need to discover, learn how to onboard, and configure certain Azure services that would benefit your virtual machine. Major Benefits: The major benefits of using … Continue reading Azure Automanage – Simplify and optimize IT management with automated operations