How to be Notified When Azure Sentinel Data Stops Flowing

This is early days for something I've been working on for a couple of customers, so expect the solution to change quite a bit. But the concept is solid and sound. The idea is to be alerted when data ingestion has stopped for a specific table or originating service, i.e., ingestion health. As a security analyst, …

How to Add the Antimalware Assessment to Your Azure Sentinel Workspace

The Antimalware Assessment has been part of the Azure Marketplace for a long while and contains some valuable information like Threat Status Rank, Threat Status, Threat Status Details, Protection Status Rank, Protection Status, Protection Status Details, Type of Protection, Scan Date, Date Collected, Product Version, and others. With all this valuable information, wouldn't it be …

How to Obtain and Import Data into the Azure Sentinel Watchlist Preview

The Watchlist feature for Azure Sentinel is in public preview. I will cover this more in depth at a later date, but I wanted to answer a question that has become more common recently with customers I've been working with when this showed up in their own Azure Sentinel consoles. The question? What are some …

How to Use HTML and Markdown in Azure Sentinel Incident Comments

Just recently the Azure Sentinel team has added the capability for customers to use HTML and Markdown in the Comment section of Incidents. And, to ensure that there's enough room for the additional content, the comments field has been expanded to support 3,000 characters (1,000 was the default limit). This gives customers the ability to …

How to Monitor Compliant and Non-compliant Systems for Zerologon Using Azure Sentinel

In August, we released security updates to resolve a vulnerability (CVE-2020-1472) for all affected systems. With August or September security updates deployed, Domain, Trust and Windows machine accounts will be protected. However, for those organizations that want to monitor for those systems that are either compliant or non-compliant - and find those systems that might …

On-Demand Azure Sentinel Video Resources from Microsoft Ignite

Yesterday, I noted the Azure Sentinel Sessions to Watch for During Microsoft Ignite. Most of the sessions I alerted you to are now available for on-demand replay. Here they are:

Detect Unknown Threats with User and Entity Behavioral Analytics in Azure Sentinel – On-demand
Architecting SecOps for Success: Best Practices for Deploying Azure Sentinel – On-Demand
Architecting SecOps for …

Azure Sentinel Sessions to Watch for During Microsoft Ignite

If you're attending our first virtual-only Microsoft Ignite this year and want some great sessions on Azure Sentinel, here's my list of top content to consume. Improve SecOps with Azure Sentinel, your Cloud-Native SIEM: https://myignite.microsoft.com/sessions/2d7215b6-f3ef-41dc-9a03-c074889b7760 Today more than ever, Security Operations Centers are tasked with modernizing threat response and improving efficiency. See the latest innovations …

Getting Guidance for Setting a Security Baseline for Your Azure Sentinel Environment

We recently released some guidance on setting a good baseline for security best practices for Azure Sentinel. I know some of you have found it, but I think it's worth documenting and highlighting so more people know about it. As much as this is a security component, generally the SOC doesn't deal with this information …

How to Connect Azure Kubernetes to Azure Sentinel

Not surprisingly, I had a couple of customers and someone on Twitter ask recently about how they could use Azure Sentinel to query against and monitor the Kubernetes service and containers. It's just early days for me as I start to test and expose the security events that are available in the data that is ingested, …

How to Automate the Backup of Azure Sentinel Tables to Blob Storage Using PowerShell

Not too long ago I wrote a blog post describing how to use Cloud Shell to create Export Rules for automating the backup of Azure Sentinel tables to Blob storage for long-term backup. This is useful for those organizations that need to store data, due to policy, for longer periods than the default 2 years …