Azure Sentinel SecurityIncident Table Hits General Availability

Many have already been taking advantage of the SOC operation metrics in the SecurityIncident table for Azure Sentinel. This table provides overall efficiency metrics and measures to gauge the performance of your team. Per https://docs.microsoft.com/en-us/azure/sentinel/manage-soc-with-incident-metrics: every time you create or update an incident, a new log entry is added to the table. This allows …

Worth knowing: Multiple Execution Failures Force Azure Sentinel Analytics Rules to Auto-disable

Rare? Yes... this is a rare enough situation that I've only seen once - and only recently. And, thanks to a customer exposing me to this occurrence, I'm a bit smarter. I love it when I get to learn new things about Azure Sentinel. As shown in the image, a customer had located several Scheduled …

Azure Automanage – Simplify and optimize IT management with automated operations

Overview: Automanage is the latest approach to managing your virtual machines with optimized, automated operations across the entire VM lifecycle. This service eliminates the need to discover, onboard, and configure the Azure services that would benefit your virtual machine. Major Benefits: The major benefits of using …

New Timeline View in Azure Sentinel Incidents Details in Public Preview

A new public preview has begun rolling out today that takes some of the Timeline details from the Investigation Graph and makes them available directly in the Incident details. This capability exposes some of the important pieces of the Investigation Graph to enable a quick understanding of the storyline of …

Azure Sentinel Cybersecurity Maturity Model Certification (CMMC) Workbook Redux

In preparation for the new Cybersecurity Maturity Model Certification (CMMC) from the Department of Defense (DoD), many of our customers and partners have asked for more information on how to prepare for audits and maintain compliance. Mandatory review of DoD compliance on CMMC is delayed somewhat, but that gives organizations more time to prepare. …

How to Monitor the Microsoft AlwaysOn VPN with Azure Sentinel

If you want to have the information from the Microsoft AlwaysOn VPN in Azure Sentinel, do the following: [1] Make sure you have the Azure Monitor Agent (MMA, Log Analytics Agent) installed and are collecting the Application log. This requires that the SecurityEvent Data Connector be enabled, by the way. Add the Application log to the Agent Configuration …

How to Factor in the Azure Sentinel Automation Delay

Using a mixture of Automation Rules and Playbooks, you can develop some effective automation around common responses to Incidents in Azure Sentinel. The Automation Rules feature is new and complements the original Playbooks feature extremely well. In some cases, an Automation Rule is all that's needed. But it's important to understand a slight nuance in …

Microsoft Security Insights Podcast Cage Match

Just a heads-up about a fast-approaching event. On Wednesday evening (March 31st at 6pm EST), the Microsoft Security Insights Podcast is inviting all previous guests back for an all-hands event: a round-table on Microsoft security topics. The topics are wide open, and if you join the Twitch stream, you can ask …

How to Add ADFSSignInLogs to Azure Sentinel

A recent enhancement to the Diagnostic Settings for Azure AD allows you to add the AD FS sign-in information for use in your Azure Sentinel environment. This is a long-awaited capability. To make the ADFSSignInLogs available in your Azure Sentinel environment, modify the Diagnostic Setting for Azure AD that was created …

How to Reenable Analytics Rules Disabled by Enabling the Microsoft 365 Defender (Preview) Alerts

I've seen a few questions around this recently, so it's worth highlighting here. The Microsoft 365 Defender connector is in public preview, and the intent for this connector is to eventually consolidate all the Defender-type service connections into a single connector. Awesome intent. Logical. However, because it's in preview, it's not quite at full capability …