How to Obtain a Completion Certificate for Azure Security Center Ninja Training

Many of the Microsoft Ninja trainings have completion certificates available after a brief knowledge measure and a passing score. As of August 11th, this also goes for the Ninja training for Azure Security Center/Azure Defender. The knowledge measure for ASC consists of 30 questions. I've taken it myself and am pretty happy to say I …

Field Notes: Active Directory tombstone lifetime

The days of updating the default tombstone lifetime for Active Directory may be long forgotten, but if your Active Directory Forest has been running since Windows Server 2000/2003 and you have never verified the tombstone lifetime, it may be worthwhile to do so. As I have found first-hand with my customer, there are some deployments out there that may still be using a tombstone lifetime of 60 days. Expecting a value of 180 days and realizing too late that this is not the case may cause unnecessary complications in the future.

How to Monitor the Azure Sentinel What’s New Docs Page with RSS

There are a few ways to monitor for the new features that are in constant release for Azure Sentinel. First off, you can watch the "What's New" posts on the official Azure Sentinel blog and pick up the RSS feed from there. Secondly, there's (of course!) the Azure Sentinel weekly newsletter that delivers every Friday morning. …

Shortcut Way to Create Your XPath Queries for Azure Sentinel DCRs

I talked recently about XPath queries in relation to the new Windows Security Events Data Connector in Azure Sentinel. To catch up on that discussion, see: How to Limit What Azure Sentinel Collects from Windows Systems. XPath queries are something you'll need to become comfortable with creating to use Data Collection Rules (DCRs) that are …

How to Save Your Azure Sentinel Query History Externally

I've talked recently about how to use the cool new feature of Query Packs to save your Azure Sentinel queries for the longer term. Query history is only saved for 30 days, despite the 90-day retention offering for other Azure Sentinel data. So, it's good to make use of the Query Packs or the general Save …

How to Monitor Your ADX versus LAW Usage in Azure Sentinel

The Azure Sentinel community is absolutely the best! If you haven't seen this yet, you should jump into your Workbooks blade in Azure Sentinel and locate a new, community-gifted Workbook called "ADXvsLA" (Azure Data Explorer versus Log Analytics). To help maximize value and make data storage more cost efficient, you can …

Azure Sentinel Incident Advanced Search Limitations

Microsoft released a super-cool new search capability for Incidents in Azure Sentinel. Prior to this release, analysts could perform a basic search and return results for the Incident ID, Incident Title, assigned Tags, Incident Owner, and the Product name associated with the Incident. With this new facility, analysts can now also include: Alert ID, Alert …

Regulatory Compliance in Azure Security Center Workflow Automation Reaches GA

As you know, in Azure Security Center, Workflow Automation can be used to trigger Logic Apps when Security Center data changes. In February of this year, the ability to enable these triggers based on Regulatory Compliance changes entered preview. Today, this capability is complete and released to GA. As shown below, you can now …

How to Find How Long an Azure Security Center Recommendation Has Been Open

Azure Security Center provides awesome capability to deliver recommendations on how to better secure the existing environment and also how to deploy new workloads securely. This evaluation is continuous and it should be part of a daily or weekly regimen to review the recommendation list and take action where necessary. But, what if you want …

How to Turn the Azure Sentinel Security Baseline into a Project Plan

Ashwin, the individual who recently put together a tool for estimating EPS and GB Per Day for Azure Sentinel Costs, has developed a new tool that takes the Azure Security Benchmark and applies all the components to Azure Sentinel. The Azure Security Benchmark is a set of guidelines and best practices for deploying and managing …