Automate your SOC – Noise is the enemy of speed

As you can imagine, Microsoft has a massive security footprint. We’ve published previously that we get more than 20 billion cybersecurity events per day. That is an incredible number and you can imagine how difficult it must be to sort through all that data to find real threats. You may not have that many events, …

Automate your SOC – Let’s talk about STAT, baby

Let's talk about SIEM and me...let's talk about all the good things. Last week, we talked about automating your SOC with the Microsoft Sentinel Triage Assistant (STAT). So this week, we thought it would be a good idea to talk about how to get STAT deployed in your Sentinel environment. Remember that STAT consists of …

Let’s automate your SOC

Intro to Microsoft Sentinel Triage Assistant (STAT). We wanted to jump right in to help you automate your security operations by introducing the Microsoft Sentinel Triage Assistant, or STAT for short. STAT is built on a series of Azure Logic Apps which can be integrated into Microsoft Sentinel, Azure Active Directory, and the 365 Defender …

Welcome to…

Welcome to the SOCAutomator's blog. Mike and I are here to talk about the importance of automation in incident response. We'll talk about the theory of automation as well as practical examples of how you can apply automation to your environment. Your first question might be "Why should I automate?" There are many answers to …

How to: Automate On-Premises AD Users to Microsoft Sentinel Watchlist

Watchlists in Microsoft Sentinel allow you to correlate data from a data source you provide with the events in your Microsoft Sentinel environment. For example, you might create a watchlist with a list of high-value assets, terminated employees, or service accounts in your environment. Microsoft Sentinel customers often ask if there is a chance to …
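As an added example of the correlation the excerpt describes (this is not code from the post or from Microsoft), the KQL below joins a watchlist of terminated employees against Azure AD sign-in events and surfaces any sign-in that occurred after the recorded termination date. It assumes a watchlist named TerminatedEmployees whose SearchKey is the user principal name and which carries a TerminationDate column; both names are assumptions for the illustration. The built-in _GetWatchlist() function and the SigninLogs table are standard Sentinel objects.

```kql
// Added example, not from the original post.
// Assumed watchlist: 'TerminatedEmployees', SearchKey = UserPrincipalName,
// with an extra 'TerminationDate' column supplied in the uploaded CSV.
let terminated = _GetWatchlist('TerminatedEmployees')
    | project UserPrincipalName = tolower(tostring(SearchKey)),
              TerminationDate = todatetime(TerminationDate);
SigninLogs
| where TimeGenerated > ago(1d)
| extend UserPrincipalName = tolower(UserPrincipalName)
// inner join: only sign-ins by accounts present on the watchlist survive
| join kind=inner terminated on UserPrincipalName
// keep activity that post-dates the termination; earlier sign-ins are expected
| where TimeGenerated > TerminationDate
// ResultType 0 is a successful sign-in; keep failures too, they show someone is still trying
| project TimeGenerated, UserPrincipalName, TerminationDate, IPAddress, AppDisplayName,
          ResultType, ResultDescription
| order by TimeGenerated desc
```

Normalizing the UPN to lower case on both sides matters in practice: a mismatch in case between the HR export and the sign-in record would silently drop the join row. The same shape works for the high-value-asset and service-account cases mentioned above by swapping SigninLogs for SecurityEvent or DeviceLogonEvents and joining on the host or account column instead.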

The Preview Tag Drops from the Windows Security Events Data Connector for Azure Sentinel

The Data Connector that utilizes the modern agent (AMA) for collecting Windows Events has now been released into GA. Legacy and current Azure Sentinel customers will notice a couple of things for this connector. First off, the preview tag is missing. But, secondly, the original Security Events connector is now labeled as the Legacy Agent. Docs: …

Announcing the On-Prem Security Monitoring for Sentinel Solution

While we've made connecting things from on-premises to the cloud for Azure Sentinel extremely easy, there's always been a sort of hesitancy, for well-defined reasons. Obviously, no one should ever consider installing the OMS/MMA or AMA agent on literally every Windows device in the organization - though, truth be told, I have been part of …

The Azure Sentinel Guide to Microsoft Ignite 2021

This is it! Your guide to all things Azure Sentinel at Microsoft Ignite, November 2-4, 2021. And, while there's not exactly stacks of Azure Sentinel-specific content, there's what I like to call Azure Sentinel "themed" content that should prove valuable to all of you. Listed below are some opportunities to hear and learn about Azure …

Microsoft Defender for Office 365 for Azure Sentinel Now Available

Just a heads-up that the consolidated Microsoft Defender Data Connector for Azure Sentinel has received an upgrade today. For many months, the only available connection for this all-in-one was for Defender for Endpoint. Today, Azure Sentinel customers can enjoy connecting Defender for Office 365 (MDO). This new connection enables data …