Microsoft ISD team is helping thousands of customers across the globe to accelerate their digital transformation journeys through LED principles and approach.
Tag: Leading Edge
Security News Now – Microsoft Ignite 2021 Defender for Cloud Edition
Catch up on the breadth of Microsoft security announcements for Microsoft Defender for Cloud from Microsoft Ignite 2021 and get a taste of our upcoming Security News Now news show. For details on the Microsoft Defender for Cloud announcements, visit the product blog: https://cda.ms/34F https://youtu.be/Uqu85rbXp74 …
Books for Microsoft Sentinel
Despite sometimes feeling like I read 10 books a day already from the emails, Teams messages, and web links I manage, I do like to sit down with an actual book. Well...I take that back. I do prefer to read eBooks instead of holding a stack of bound papers in my hand. But, still. And, …
The Preview Tag Drops from the Windows Security Events Data Connector for Azure Sentinel
The Data Connector that utilizes the modern agent (AMA) for collecting Windows Events has now been released into GA. Legacy and Current Azure Sentinel customers will notice a couple things for this connector. First off, the preview tag is missing. But, secondly, the original Security Events connector is now labeled as the Legacy Agent. Docs: …
Announcing the On-Prem Security Monitoring for Sentinel Solution
While we've made connecting things from on-premises to the cloud for Azure Sentinel extremely easy, there's always been a sort of hesitancy for defined reasons. Obviously, no one should ever consider installing the OMS/MMA or AMA agent on literally every Windows device in the organization - though truth told - I have been part of …
The Azure Sentinel Guide to Microsoft Ignite 2021
This is it! Your guide to all things Azure Sentinel at Microsoft Ignite, November 2-4, 2021. And, while there's not exactly stacks of Azure Sentinel-specific content, there's what I like to call Azure Sentinel "themed" content that should prove valuable to all of you. Listed below are some opportunities to hear and learn about Azure …
Microsoft Defender for Office 365 for Azure Sentinel Now Available
Just a heads-up that the consolidated Microsoft Defender Data Connector for Azure Sentinel has received an upgrade today. For many months, the only available connection for this all-in-one was for Defender for Endpoint. Today, Azure Sentinel customers can enjoy connecting Defender for Office 365 (MDO). Microsoft Defender for Office 365! This new connection enables data …
How to Monitor for Brute Force Attack Against a Cloud PC in Azure Sentinel
I am a pioneer of sorts. It was completely unintended. A few months back, I submitted a session to an in-person conference (MMS Miami Beach Edition), assuming that by the time the conference kicked-off there'd be a lot of great information to pull from to connect a Cloud PC to Azure Sentinel. The conference is …
How to Assign Azure Sentinel Incidents to AAD Groups
A new Azure Sentinel capability is available that allows you to assign Incidents to groups you have created in Azure Active Directory. Assign Groups to Incidents You can see in my image above that I can assign any Incident to a SOC Investigative Analysts or SOC Hunting Analysts group. Just so you don't go looking …
Azure Sentinel Gets Built-in Playbooks Templates and Expanded Menu Options
We have always provided a lot of awesome out-of-the-box collateral for customers to start using Azure Sentinel right after installation. Out-of-the-box there have been Analytics Rules, Data Connectors, Hunting Queries, Workbooks, etc., but there have never been any Playbook templates provided. Today, if you venture inside the Automation section in the Azure Sentinel console, you'll …