How to Enroll a Huawei Device in Intune

In May 2019, then-United States President Donald Trump announced that Huawei, along with several other Chinese companies, was now on something called the Entity List. Companies on this list are unable to do business with any organization that operates in the United States. This made the lives of administrators difficult, to ensure that these devices …

Spice Up Your Microsoft Sentinel KQL Query Results with Emoji

Here's a little-known tip that can help brighten an otherwise mundane query existence. Instead of producing the normal query results of boring and blah rows and columns of data to sift through, have a little fun with it. Did you know that KQL supports emoji? Emoji in KQL? Say it isn't so!! It has to …

How to Use Threatview.io Threat Intelligence Feeds with Microsoft Sentinel

Threatview.io provides some excellent threat intelligence feeds that can be used with Microsoft Sentinel as external sources. The Threatview.io feeds are updated regularly - generated daily at 11PM UTC - so you can be sure that the most current indicators will be available. The feeds are available from here: https://threatview.io/. The feeds are provided as …

How to Get a List of Your Active Analytics Rules for Microsoft Sentinel

Though I've used the Workspace Usage Report Workbook a hundred times or more, I've never quite identified this little treasure myself. There are a number of times that customers ask for a way to quickly get a list of their enabled Analytics Rules. There are ways of doing this using the API and PowerShell, but the …

How to Import One or Multiple Analytics Rules into Microsoft Sentinel

There are a few PowerShell options out there (including the official module) to help automate content and collateral deployment to your Microsoft Sentinel workspace. But the one from Jan Geisbauer is highly recommended. Jan's original blog post announcement about this new module is here: Alertrule from github to Azure sentinel | (emptydc.com). The PowerShell module …

How to Query HaveIBeenPwned Using a Microsoft Sentinel Playbook

I've known Troy Hunt for a number of years and his contributions to the security and privacy industry have been hugely valuable and much appreciated by the masses. HaveIBeenPwned is a great resource developed and maintained by Troy. It provides the ability to query against its database to expose domains or user accounts that have …

How to Use a Playbook to Add Geographical Data for IP Addresses to a Microsoft Sentinel Incident

We have a Playbook out on the official GitHub Repo that queries the IP-API.com website with IP addresses and then writes the geographical information to an Incident's Tags. This is useful, but it's been found to be too limiting based on the amount of information IP-API returns versus how little data a Tag can hold. …

Tip: Duplicate and Deprecate to Modify Azure Sentinel Analytics Rules

Just a quick heads-up tip for those that might be affected by this scenario eventually. Some might call this a "best practice" but I know many people hate that term. Hence, my use of the term "tip" instead. When Azure Sentinel Analytics Rules are updated from Microsoft, any changes you have made to the original …

How to Get the Network Security Dashboard for Security Center

There's a new dashboard in town for Azure Security Center. This particular dashboard (workbook) contains the following: Overview - a summary of all monitored network-related security components. Public IPs & Exposed Ports - Public IP and Asset Types and Ports Exposed to the Internet. Network Security Services - DDoS Protection Plans, Azure Firewalls and Firewall Policies, Azure WAF …

Azure Sentinel Gets Its Own Knowledge Check and Completion Certificate

Following in the footsteps of the rest of the Microsoft security platform tools, Azure Sentinel training now has its own completion certificate! My original post on All the Microsoft Ninja Training I Know About noted that every product except Security Center and Sentinel provided knowledge checks with a resulting completion certificate. But, I've since updated …