Using Logic App Parameters with Microsoft Sentinel Playbooks

I recently made a recommendation about the importance of Making Use of Variables in Microsoft Sentinel Playbooks. In this post I want to take this just a bit further and make an addendum recommendation. Have you ever wondered how to generate those fill-in blanks that are produced during deployment of an ARM template (as shown …

Receive an Email Notification Each Morning with the List of Daily Microsoft Sentinel Incidents Created

Would you like to have an email notification show up daily in your inbox (or your security team's shared inbox) with a list of the Incidents created while you were sleeping? Here's a Logic App that is ready to fully deploy to your environment; it delivers at 7am each morning and includes the list of …

Making Use of Variables in Microsoft Sentinel Playbooks

Creating Playbooks in Microsoft Sentinel is made easy through the use of the Logic Apps service. Most operations are just click-to-select when creating the logic steps. But this ease of use can create bad habits. When you click and choose organization-specific content to be included in each step, this is actually stored and retained in …

Microsoft Defender for Endpoint Workbook for Microsoft Sentinel

There's a new Workbook available in the Microsoft Sentinel console that I'm pretty sure you'll overlook because it's been released without much fanfare. However, for those taking advantage of Microsoft Defender for Endpoint and the connection to Microsoft Sentinel, this Workbook contains valuable information. To locate it, in Workbook - Templates, to a quick filter …

Watching the Watchers: Monitoring Microsoft Sentinel Repositories Activity

If you've not used the Repositories feature of Microsoft Sentinel and you need to deploy content such as rules, workbooks, etc., you should give it a try. It's a powerful tool that enables you to deploy a uniform set of content to your own Sentinel environment or to others in other tenants or workspaces that you …

Join the Launch of Microsoft Security Insights on Microsoft Reactor

On April 20th, my colleagues and I will be kicking off a new journey for the Microsoft Security Insights podcast. We will be kicking off our first-ever Microsoft Reactor show, joined by our inaugural guest, Matt Soseman, Senior Program Manager in the Identity & Network Access Division. If you missed it, read the reasons and behind …

Introducing a New Series Called Security Rodcasts

Customers are inundated with the ever-flowing stream of updates to all of our services and products. I know it's hard to keep up, and it's even harder to commit time to learn about all the new stuff. I've mulled for a time how to deliver bite-sized nuggets of Microsoft Security information in a way that …