How to Take Advantage of the New Virus Total Logic App Connector for Your Azure Sentinel Playbooks

I saw a discussion internally today that exposed to me something I thought I might have missed, but, then realized this is brand new and available in public preview for everyone to test. So - hey - time to share... In the past, we've provided Playbooks for interacting with the Virus Total service through the … Continue reading How to Take Advantage of the New Virus Total Logic App Connector for Your Azure Sentinel Playbooks →

Modified IP Address to GEO to Tags Azure Sentinel Playbook

One of my favorite Playbooks is the one created by Nicholas DiCola that provides GEO information for IP Addresses that are associated with an Azure Sentinel Incident. Once the information is obtained, it's placed in the Incident's Tags for easy readability and quick-glance information about where the connections are coming from. I run this Playbook … Continue reading Modified IP Address to GEO to Tags Azure Sentinel Playbook →

How to Grant Access to Specific Azure Sentinel Playbooks for Specific Analysts

As a general best practice, you want to configure access to Azure Sentinel resources through the Resource Group and you want to ensure you are providing only the access required i.e., using a least permissive model. Azure Sentinel resource access is applied using the following assignment roles... Azure Sentinel roles and allowed actions I talk … Continue reading How to Grant Access to Specific Azure Sentinel Playbooks for Specific Analysts →

Using Microsoft To-do as a Simple Ticketing System for Azure Sentinel

A customer recently wanted me to suggest a very simple, cost-worthy service ticketing system they could use with Azure Sentinel. The following ended up serving the customer's needs. Microsoft To-do can be a powerful tool for those that like to separate their schedule items from their task lists. For many Office 365 customers, they may … Continue reading Using Microsoft To-do as a Simple Ticketing System for Azure Sentinel →