Recipes for Automation: Reading About Updated Microsoft Sentinel Content in a Microsoft Teams SOC Channel

This post is part of an ongoing series to provide ideas for enhancing security operations through automation. Microsoft Sentinel has built-in SOAR capability, so the prescriptive guidance provided here can be implemented immediately and without much effort. Microsoft Sentinel is updated constantly, and many customers would like better ways to know when things are …

How to Take Advantage of the New Virus Total Logic App Connector for Your Azure Sentinel Playbooks

I saw a discussion internally today that exposed me to something I thought I might have missed, but then realized is brand new and available in public preview for everyone to test. So, hey, time to share... In the past, we've provided Playbooks for interacting with the Virus Total service through the …

Download and Backup Your Azure Sentinel Playbooks

You may have noticed that, depending on the existence (or non-existence) of certain connectors, you're not able to export certain Playbooks (Logic Apps). You may see an error message similar to that in the next image. (Image: Logic App Export) Some would like to still be able to back up their Logic Apps, but in my …

How to Grant Access to Specific Azure Sentinel Playbooks for Specific Analysts

As a general best practice, you want to configure access to Azure Sentinel resources through the Resource Group, and you want to ensure you are providing only the access required, i.e., using a least-permissive model. Azure Sentinel resource access is applied using the following assignment roles... (Table: Azure Sentinel roles and allowed actions) I talk …

Using Microsoft To-do as a Simple Ticketing System for Azure Sentinel

A customer recently asked me to suggest a very simple, inexpensive service ticketing system they could use with Azure Sentinel. The following ended up serving the customer's needs. Microsoft To-do can be a powerful tool for those who like to separate their schedule items from their task lists. For many Office 365 customers, they may …