cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Sentinel Blog
Options
9,780

Examining the Deception infrastructure in place behind code.microsoft.com

robeving on Apr 26 2024 07:51 PM
The domain name code.microsoft.com has an interesting story behind it. Here we examine how we've used this to collect ac...
2,205

Setting up Sentinel for Kubernetes Monitoring

Umesh_Nagdev on Apr 19 2024 07:55 AM
A guide to using Microsoft Sentinel for monitoring the security of your containerized applications and orchestration pla...
1,668

Ingesting Non-Microsoft Cloud Security Data into Microsoft Sentinel for Gov & DIB customers part 2

jeffsc on Apr 15 2024 11:17 AM
This is a continuation of the series discussion ingesting non-Microsoft cloud security data into Microsoft Sentinel. In ...
1,652

Ingesting Non-Microsoft Cloud Security Data into Microsoft Sentinel for Government & DIB Customers

jeffsc on Apr 15 2024 11:17 AM
Microsoft Azure Government customers that are using Microsoft Sentinel to monitor their Azure & Office 365 Tenants, the ...
4,294

[What's New] Easily migrate to Microsoft Sentinel with the new SIEM migration experience

Preeti_Krishna on Mar 28 2024 02:56 PM
Announcing GA of the new Microsoft Sentinel SIEM migration experience to enable you to bring in your SIEM detections int...
5,412

Create Codeless Connectors with the Codeless Connector Builder (Preview)

Matt_Lowe on Mar 14 2024 05:21 PM
Hate JSON templates? Looking to make your own Codeless Connectors for Microsoft Sentinel? You’re in luck. This workbook ...
3,810

Monitoring Kubernetes Clusters, Image Build Environment and Container Registries with Sentinel

Umesh_Nagdev on Feb 20 2024 07:04 AM
A guide to using Microsoft Sentinel for monitoring the security of your containerized applications and orchestration pla...
3,095

Upcoming Content Hub AMA supported Data Connectors

Josefa-Sepulveda on Feb 08 2024 07:58 AM
Upcoming Content Hub Azure Monitoring Agent (AMA) supported Data Connectors
5,327

Create Tasks Repository in Microsoft Sentinel

BenjiSec on Feb 06 2024 04:03 AM
In this blog, we will demonstrate how utilization of watchlists, automation rules, and playbooks can be used as tasks re...
4,535

What's New: CrowdStrike Falcon Data Replicator V2 Data Connector is now Generally Available!

PrateekTaneja on Feb 04 2024 10:22 PM
The CrowdStrike Falcon Data replicator V2 Data connector is now available as a part of the CrowdStrike Falcon Endpoint P...
5,577

Unleash the full potential of User and Entity Behavior Analytics with our updated workbook

madesous on Jan 17 2024 05:27 AM
We have updated the User and Entity Behavior Analytics workbook to include more. Now, you can prioritize incidents based...
3,235

Querying Watchlists

GBushey on Jan 16 2024 07:20 AM
Learn how to use _ASIM_GetWatchlistRaw to return specific rows in a watchlist.
3,526

Leveraging CEF with Azure Monitor Agent (AMA) for GCP-Hosted Fortinet Firewall and Syslog Forwarder,

VipulDabhi on Jan 08 2024 11:11 AM
Blog Title: "Leveraging CEF with Azure Monitor Agent (AMA) for GCP-Hosted Fortinet Firewall and Syslog Forwarder, connec...
6,279

Use Azure DevOps to manage Sentinel for MSSPs and Multi-tenant Environments

timurengin on Jan 08 2024 11:10 AM
Automate Sentinel resource deployment in multi-tenant scenarios using Azure DevOps and Sentinel Repositories. Enable ver...
25.7K

Become a Microsoft Unified SOC Platform Ninja

Josefa-Sepulveda on Jan 02 2024 02:24 AM
Get deeper using Unified Security Operations Platform with Microsoft Sentinel and Defender XDR Ninja Training!
48K

Identifying Adversary-in-the-Middle (AiTM) Phishing Attacks through 3rd-Party Network Detection

Arjun_Trivedi on Nov 29 2023 10:13 PM
Delve into the intricacies of Adversary-in-the-Middle (AiTM) phishing attacks as we explore the latest trends, threats, ...
9,988

Microsoft Sentinel: Public preview of Microsoft Defender for Cloud to Defender XDR integration

skochavi on Nov 27 2023 01:21 PM
With the announcement of the release to Public Preview of Microsoft Defender for Cloud integration into Microsoft Defend...
8,638

Sentinel's Enrichment Widgets: Elevating Cybersecurity Intelligence with Microsoft

ShaharAviv on Nov 20 2023 10:27 PM
Discover the innovative Enrichment Widgets in Microsoft Sentinel, a feature designed to improve the investigation proces...
6,622

Microsoft Sentinel Partner Solution Contributions update - Ignite 2023

Eric Burkholder on Nov 15 2023 02:26 PM
Content Hub continues to grow with new content from Microsoft Security Software Partners! Learn about the latest Microso...
61.9K

Introducing a Unified Security Operations Platform with Microsoft Sentinel and Defender XDR

Erez Einav on Nov 15 2023 08:00 AM
Read about our announcement of an exciting private preview that represents the next step in the SOC protection and effic...
5,485

Architecture Guidance: How to ingest GCP Firewall\VPC logs into Microsoft Sentinel

mahmoudmsft on Nov 08 2023 10:02 AM
Using log ingestion API to Pull firewall logs from GCP PubSub and ingest it into Sentine. l
14.4K

Fortifying Your Defenses: How Microsoft Sentinel Safeguards Your Organization from BEC Attacks

Pete Bryan on Sep 21 2023 03:02 PM
Business Email Compromise (BEC) attacks continue to be some of the most prevalent and costly attacks facing organization...
16.1K

Accelerating Zero Trust Alignment with Microsoft Sentinel

lili on Sep 05 2023 12:18 AM
Learn more about how Microsoft Sentinel can accelerate the journey to zero trust alignment, with a focus on the US Depar...
7,057

Microsoft Sentinel's new incident experience is generally available!

Tiander Turpijn on Aug 30 2023 04:33 AM
We are excited to announce that the Microsoft Sentinel new incident experience is generally available!
19.3K

Introducing Microsoft Sentinel Optimization Workbook

Jeremy Tan on Aug 23 2023 04:30 AM
Gain insights into your Sentinel environment such as ingestion, cost, operational metrics, and more, while also providin...
7,639

Manage Access to Microsoft Sentinel Workbooks with Lower Scoped RBAC

Matt_Lowe on Aug 22 2023 09:30 AM
Leveraging Microsoft Sentinel workbooks for reporting to leadership is a common use case. A common concern is granting r...
13.5K

Help Protect your Exchange Environment With Microsoft Sentinel

Nicolas Lepagnez on Aug 09 2023 04:44 AM
TL;DR; Sentinel + Exchange Servers or Exchange Online = better protected New Microsoft Sentinel security solution for Ex...

Latest Comments

Eloise475
in What’s new: Run playbooks on entities on-demand on Apr 29 2024 11:46 AM
Now, playbooks can run on selected entity (specific threat actor). Using both automated response and actions on-demand helps to increase productivity: Full automation is the best solution for as many incident-handling, investigation, and mitigation tasks as you're comfortable automating.
0 Likes
Heather-M
in Examining the Deception infrastructure in place behind code.microsoft.com on Apr 27 2024 02:58 PM
Truly fascinating. Thank you for taking the time to explain what, how, and everything in between. So many forget about the smaller audience, like myself, who are learning (but, soaking it up like a sponge). Many thanks
0 Likes
RawsonW
in Examining the Deception infrastructure in place behind code.microsoft.com on Apr 26 2024 09:37 PM
Very insightful article about the cyber maturity Microsoft is running behind the scenes. It raises good awareness for the importance of monitoring tools on all web services that run public to the world. Also highlights the importance of governance throughout public service's lifetimes. It would be g...
0 Likes
Ciyaresh91
in Split Microsoft Sentinel Tables with Multi-Destination Data Collection Rules on Apr 15 2024 08:06 AM
@Matt_Lowe Is it possible to use this to prevent certain logs from being ingested? Xpath for DCR is not customization enough for us to drop certain logs. We are currently trying to drop certain WindowsEvent table logs(windows event forwarding). This certain event is very noisy and has no value. We c...
0 Likes
Azizjaz24
in Software Defined Monitoring - Using Automated Notebooks and Azure Sentinel to Improve Sec Ops on Apr 15 2024 06:41 AM
Hello, Very helpful blog thank you. I have a question though , is this way of automation is recommanded rather than using playbooks/logic apps to trigger the notebooks i need in the context of SOAR capabilities of sentinel ? like is it better ? if so how ?
0 Likes