Azure Sentinel

Options

1,506

Ofer_Shezaf on 12-04-2019 05:27 PM

In the SIEM world, rules are often called correlation rules to stress the role of a SIEM to correlate signals from diffe...

6,711

Pete Bryan on 12-04-2019 03:26 AM

Azure Lighthouse provides capability for cross-tenancy management of Azure services for Managed Service Providers (MSPs)...

1,484

Alp Babayigit on 11-25-2019 11:22 AM

Learn how to use Office 365 DLP events in Azure Sentinel.

2,160

Ofer_Shezaf on 11-25-2019 01:57 AM

Writing alert rules using KQL is powerful, but does not have to be complicated. A good example would be rules that in tr...

5,497

Ashwin_Patil on 11-20-2019 07:00 AM

In the second part, we will analyze logs generated from simulation and see how we can hunt for some of the attacker tech...

6,056

Cristhofer Munoz on 11-19-2019 06:12 AM

By Nicholas DiCola & Cristhofer Romeo Munoz

9,616

Ashwin_Patil on 11-18-2019 07:00 AM

This is the first part of two part article in which we will explain the attack simulation of Capital one Breach scenario...

1,758

Sarah Fender on 11-13-2019 09:41 AM

Not able to make it to Microsoft Ignite last week in Orlando? No problem, you can catch the sessions on demand.

5,313

Amar Patel (C AND E) on 11-11-2019 09:52 AM

Learn how to setup and use the new built-in URL detonation in Azure Sentinel.

1,248

Clive Watson on 11-11-2019 03:03 AM

In this article lets see how Azure Arc integrates its data into Azure Sentinel and how we can visualise that data in an ...

1,361

Alex_Karabasevic on 11-07-2019 01:07 PM

Making the switch to a new SIEM is a big change – instead, try out Azure Sentinel by connecting your organization’s data...

2,141

Stefan Simon on 11-05-2019 11:25 AM

In this article we will show how you can ingest Office 365 alerts into Azure Sentinel through Graph Security API and Sen...

1,186

Ofer_Shezaf on 11-05-2019 06:16 AM

Want to learn more about using Azure Sentinel? Advanced functionality, Cloud architecture, on-prem collection? Join the ...

1,944

Clive Watson on 11-04-2019 02:07 PM

Building on my last post, now we will map a users location and see how far they have travelled between them. I'll also p...

2,402

Clive Watson on 11-01-2019 09:18 AM

Summary In this post I'm going to describe how to use Sentinel data to provide insights and show those on a world map.

2,102

Yaniv Shasha on 10-30-2019 01:17 AM

Table level RBAC allows you to define more granular control to data in a Log Analytics workspace in addition to the othe...

1,647

Ofer_Shezaf on 10-27-2019 05:44 AM

Next week many of you will be going to Ignite to learn more about Microsoft products and technologies. Azure Sentinel wi...

1,926

Ofer_Shezaf on 10-16-2019 11:15 PM

The capability to set the retention period per data type is now available for Log Analytics and Azure Sentinel. Setting ...

2,429

shainw on 10-15-2019 08:56 AM

Azure Sentinel allows for a very nice investigation experience when pivoting on interesting entities that are brought to...

2,031

Pete Bryan on 10-07-2019 10:00 AM

Contextual knowledge can have a big impact on a security analysts decisions when triaging alerts and investigating threa...

1,886

ianhelle on 09-30-2019 08:27 AM

Use Threat Intelligence in your hunting/investigation notebooks? Ever wanted to lookup an IoC in multiple TI providers w...

3,493

Ofer_Shezaf on 09-24-2019 11:30 PM

I am happy to announce that Azure Sentinel is now GA - That is Generally Available! The "preview" label has disappeared....

2,583

Ofer_Shezaf on 09-19-2019 02:11 PM

The Sentinel data connectors page does not include the source you need. What do you do next? Custom connectors may be th...

2,200

Ofer_Shezaf on 09-18-2019 02:00 AM

As we move closer to general availability (GA), you will see many changes in the Azure Sentinel. While true to the cloud...

11.4K

Tiander Turpijn on 08-31-2019 02:58 PM

When you register the Microsoft.Security Resource Provider (RP) for a subscription and want to start using Azure Securit...

1,478

Yuri Diogenes on 08-22-2019 07:35 PM

3,091

Ofer_Shezaf on 08-19-2019 01:43 PM

Whether deployed in the cloud, on-prem VMs or even physical machines, those are probably still the most significant atta...

3,950

Ofer_Shezaf on 08-13-2019 11:53 PM

Want to connect a source system to Sentinel to send events? The chances are that it supported streaming events using Sys...

2,687

Ofer_Shezaf on 08-07-2019 02:30 AM

Ever wondered how to connect Azure Estate, Azure PaaS services or even Intune telemetry to Azure Sentinel? Learn how to ...

4,334

Ashwin_Patil on 07-31-2019 07:45 AM

This article will discuss the use case of detecting network beaconing via intra-request time delta patterns using KQL (K...

Latest Comments

in Hunting for Capital One Breach TTPs in AWS logs using Azure Sentinel - Part I on 12-10-2019

Thanks @cteodor . the screenshots should show cloudgoat profile as i am using it, i have edited article with the correct screenshots.

0 Likes

in Hunting for Capital One Breach TTPs in AWS logs using Azure Sentinel - Part I on 12-10-2019

Uhm, on step 2 you did aws configure --profile cloudgoat but later on after "verify that config and credential files are correctly populated" we can see only [default], are you using the profile or the default settings?

0 Likes

in Ingest Office 365 DLP Events into Azure Sentinel on 12-05-2019

In the code example where you are searching for "DLPRuleMatch" why do you do use where Operation contains "DLP" before where Operation == "DLPRuleMatch" ? Does that make the query faster?

0 Likes

in Azure Sentinel correlation rules: the join KQL operator on 12-05-2019

Thanks @Gary Bushey! fixed. I really need to get an exception to run Grammarly in Chrome. Corporate policy does not allow me which means I am cutting and pasting parts back and forth, and those are the results :(

0 Likes

in Azure Sentinel correlation rules: the join KQL operator on 12-05-2019

I think in the line "By setting the If the join and additional conditions return results, an alert is triggered. ", the first 3 words should not be there. This is in the 3rd paragraph under the Correlating using Joins header

0 Likes

Azure Sentinel correlation rules: the join KQL operator

Using Azure Lighthouse and Azure Sentinel to Monitor Across Multiple Tenants

Ingest Office 365 DLP Events into Azure Sentinel

Azure Sentinel correlation rules: Active Lists out; make_list() in, the AAD/AWS correlation example

Hunting for Capital One Breach TTPs in AWS logs using Azure Sentinel - Part II

Best Practices for Common Event Format (CEF) collection in Azure Sentinel

Hunting for Capital One Breach TTPs in AWS logs using Azure Sentinel - Part I

Azure Sentinel – Microsoft Ignite 2019 Recap

Using the new built-in URL detonation in Azure Sentinel

Azure Sentinel and Azure Arc

Try Azure Sentinel Alongside Your Existing SIEM

Ingesting Office 365 Alerts with Graph Security API

Upcoming Azure Sentinel training webinars

How to use Azure Sentinel to follow a Users travel and map their location

How to use Azure Monitor Workbooks to map Sentinel data

Table Level RBAC In Azure Sentinel

Azure Sentinel at Microsoft Ignite

New: Per data type retention is now available for Azure Sentinel

Identifying Threat Hunting opportunities in your data

What am I looking at? - Using Notebooks to gain situational awareness.

Using Threat Intelligence in your Jupyter Notebooks

Azure Sentinel is now Generally Available!

Azure Sentinel: Creating Custom Connectors

Preparing towards Azure Sentinel's GA

Best practices for designing an Azure Sentinel or Azure Security Center Log Analytics workspace

Upcoming Changes to Fusion in Azure Sentinel

Azure Sentinel Agent: Collecting telemetry from on-prem and IaaS server

Azure Sentinel: Syslog, CEF and other 3rd party connectors grand list

Azure Sentinel: Collecting logs from Microsoft Services and Applications

Detect Network beaconing via Intra-Request time delta patterns in Azure Sentinel