Azure Sentinel

Options

915

Ofer_Shezaf on 12-04-2019 05:27 PM

In the SIEM world, rules are often called correlation rules to stress the role of a SIEM to correlate signals from diffe...

4,418

Pete Bryan on 12-04-2019 03:26 AM

Azure Lighthouse provides capability for cross-tenancy management of Azure services for Managed Service Providers (MSPs)...

1,344

Alp Babayigit on 11-25-2019 11:22 AM

Learn how to use Office 365 DLP events in Azure Sentinel.

1,969

Ofer_Shezaf on 11-25-2019 01:57 AM

Writing alert rules using KQL is powerful, but does not have to be complicated. A good example would be rules that in tr...

5,344

Ashwin_Patil on 11-20-2019 07:00 AM

In the second part, we will analyze logs generated from simulation and see how we can hunt for some of the attacker tech...

5,997

Cristhofer Munoz on 11-19-2019 06:12 AM

By Nicholas DiCola & Cristhofer Romeo Munoz

9,250

Ashwin_Patil on 11-18-2019 07:00 AM

This is the first part of two part article in which we will explain the attack simulation of Capital one Breach scenario...

1,637

Sarah Fender on 11-13-2019 09:41 AM

Not able to make it to Microsoft Ignite last week in Orlando? No problem, you can catch the sessions on demand.

5,158

Amar Patel (C AND E) on 11-11-2019 09:52 AM

Learn how to setup and use the new built-in URL detonation in Azure Sentinel.

1,146

Clive Watson on 11-11-2019 03:03 AM

In this article lets see how Azure Arc integrates its data into Azure Sentinel and how we can visualise that data in an ...

1,285

Alex_Karabasevic on 11-07-2019 01:07 PM

Making the switch to a new SIEM is a big change – instead, try out Azure Sentinel by connecting your organization’s data...

2,032

Stefan Simon on 11-05-2019 11:25 AM

In this article we will show how you can ingest Office 365 alerts into Azure Sentinel through Graph Security API and Sen...

1,122

Ofer_Shezaf on 11-05-2019 06:16 AM

Want to learn more about using Azure Sentinel? Advanced functionality, Cloud architecture, on-prem collection? Join the ...

1,884

Clive Watson on 11-04-2019 02:07 PM

Building on my last post, now we will map a users location and see how far they have travelled between them. I'll also p...

2,331

Clive Watson on 11-01-2019 09:18 AM

Summary In this post I'm going to describe how to use Sentinel data to provide insights and show those on a world map.

2,041

Yaniv Shasha on 10-30-2019 01:17 AM

Table level RBAC allows you to define more granular control to data in a Log Analytics workspace in addition to the othe...

1,607

Ofer_Shezaf on 10-27-2019 05:44 AM

Next week many of you will be going to Ignite to learn more about Microsoft products and technologies. Azure Sentinel wi...

1,878

Ofer_Shezaf on 10-16-2019 11:15 PM

The capability to set the retention period per data type is now available for Log Analytics and Azure Sentinel. Setting ...

2,378

shainw on 10-15-2019 08:56 AM

Azure Sentinel allows for a very nice investigation experience when pivoting on interesting entities that are brought to...

1,999

Pete Bryan on 10-07-2019 10:00 AM

Contextual knowledge can have a big impact on a security analysts decisions when triaging alerts and investigating threa...

1,829

ianhelle on 09-30-2019 08:27 AM

Use Threat Intelligence in your hunting/investigation notebooks? Ever wanted to lookup an IoC in multiple TI providers w...

3,451

Ofer_Shezaf on 09-24-2019 11:30 PM

I am happy to announce that Azure Sentinel is now GA - That is Generally Available! The "preview" label has disappeared....

2,460

Ofer_Shezaf on 09-19-2019 02:11 PM

The Sentinel data connectors page does not include the source you need. What do you do next? Custom connectors may be th...

2,168

Ofer_Shezaf on 09-18-2019 02:00 AM

As we move closer to general availability (GA), you will see many changes in the Azure Sentinel. While true to the cloud...

11.2K

Tiander Turpijn on 08-31-2019 02:58 PM

When you register the Microsoft.Security Resource Provider (RP) for a subscription and want to start using Azure Securit...

1,434

Yuri Diogenes on 08-22-2019 07:35 PM

3,002

Ofer_Shezaf on 08-19-2019 01:43 PM

Whether deployed in the cloud, on-prem VMs or even physical machines, those are probably still the most significant atta...

3,564

Ofer_Shezaf on 08-13-2019 11:53 PM

Want to connect a source system to Sentinel to send events? The chances are that it supported streaming events using Sys...

2,597

Ofer_Shezaf on 08-07-2019 02:30 AM

Ever wondered how to connect Azure Estate, Azure PaaS services or even Intune telemetry to Azure Sentinel? Learn how to ...

4,289

Ashwin_Patil on 07-31-2019 07:45 AM

This article will discuss the use case of detecting network beaconing via intra-request time delta patterns using KQL (K...

Latest Comments

in Ingest Office 365 DLP Events into Azure Sentinel on 12-05-2019

In the code example where you are searching for "DLPRuleMatch" why do you do use where Operation contains "DLP" before where Operation == "DLPRuleMatch" ? Does that make the query faster?

0 Likes

in Azure Sentinel correlation rules: the join KQL operator on 12-05-2019

Thanks @Gary Bushey! fixed. I really need to get an exception to run Grammarly in Chrome. Corporate policy does not allow me which means I am cutting and pasting parts back and forth, and those are the results :(

0 Likes

in Azure Sentinel correlation rules: the join KQL operator on 12-05-2019

I think in the line "By setting the If the join and additional conditions return results, an alert is triggered. ", the first 3 words should not be there. This is in the 3rd paragraph under the Correlating using Joins header

0 Likes

in Using Azure Lighthouse and Azure Sentinel to Monitor Across Multiple Tenants on 12-05-2019

@Thijs Lecomte : you can use ARM. See here and here.

2 Likes

in Using Azure Lighthouse and Azure Sentinel to Monitor Across Multiple Tenants on 12-04-2019

Is there any way to easily deploy playbooks to different tenants at once? That way you can keep a baseline for all customers

0 Likes

Azure Sentinel correlation rules: the join KQL operator

Using Azure Lighthouse and Azure Sentinel to Monitor Across Multiple Tenants

Ingest Office 365 DLP Events into Azure Sentinel

Azure Sentinel correlation rules: Active Lists out; make_list() in, the AAD/AWS correlation example

Hunting for Capital One Breach TTPs in AWS logs using Azure Sentinel - Part II

Best Practices for Common Event Format (CEF) collection in Azure Sentinel

Hunting for Capital One Breach TTPs in AWS logs using Azure Sentinel - Part I

Azure Sentinel – Microsoft Ignite 2019 Recap

Using the new built-in URL detonation in Azure Sentinel

Azure Sentinel and Azure Arc

Try Azure Sentinel Alongside Your Existing SIEM

Ingesting Office 365 Alerts with Graph Security API

Upcoming Azure Sentinel training webinars

How to use Azure Sentinel to follow a Users travel and map their location

How to use Azure Monitor Workbooks to map Sentinel data

Table Level RBAC In Azure Sentinel

Azure Sentinel at Microsoft Ignite

New: Per data type retention is now available for Azure Sentinel

Identifying Threat Hunting opportunities in your data

What am I looking at? - Using Notebooks to gain situational awareness.

Using Threat Intelligence in your Jupyter Notebooks

Azure Sentinel is now Generally Available!

Azure Sentinel: Creating Custom Connectors

Preparing towards Azure Sentinel's GA

Best practices for designing an Azure Sentinel or Azure Security Center Log Analytics workspace

Upcoming Changes to Fusion in Azure Sentinel

Azure Sentinel Agent: Collecting telemetry from on-prem and IaaS server

Azure Sentinel: The Syslog and CEF source configuration grand list

Azure Sentinel: Collecting logs from Microsoft Services and Applications

Detect Network beaconing via Intra-Request time delta patterns in Azure Sentinel