Home
Home
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Azure Sentinel
Copied!
Home
Options
365

The Syslog and CEF source configuration grand list

Ofer_Shezaf on 08-13-2019 11:53 PM
Want to connect a source system to Sentinel to send events? The chances are that it supported streaming events using Sys...
544

Collecting Azure PaaS services logs in Azure Sentinel

Ofer_Shezaf on 08-07-2019 02:30 AM
Ever wondered how to connect Azure PaaS services telemetry to Azure Sentinel? Learn how to do it here.
2,802

Detect Network beaconing via Intra-Request time delta patterns in Azure Sentinel

Ashwin_Patil on 07-31-2019 07:45 AM
This article will discuss the use case of detecting network beaconing via intra-request time delta patterns using KQL (K...
1,176

Tip: Easily use JSON fields in Sentinel

Ofer_Shezaf on 07-22-2019 05:15 PM
Learn how to easily extract values embedded in JSON constructs in Sentinel as primary fields for easy viewing, filtering...
1,452

Using KQL functions to speed up analysis in Azure Sentinel

Pete Bryan on 06-25-2019 08:27 AM
Security Operations can often be a very repetitive role. As a security analyst you will often find yourself conducting t...
2,580

msticpy - Python Defender Tools

ianhelle on 06-17-2019 08:27 AM
msticpy is a package of python tools intended to be used for security investigations and hunting (primarily in Jupyter n...
2,567

Time Series visualization of Palo Alto logs to detect data exfiltration

Ashwin_Patil on 06-10-2019 07:44 AM
This article will continue discussion on practical time series analysis applications in security with another use case f...
2,722

Importing Sigma Rules to Azure Sentinel

ianhelle on 06-05-2019 05:02 PM
Browse, convert and test Sigma rules for use in Azure Sentinel.  
2,143

Looking for unknown anomalies - what is normal? Time Series analysis & its applications in Security

Ashwin_Patil on 05-15-2019 07:00 AM
This article provides a practical outline for using Time Series analysis to surface anomalies on security event log data...
2,367

Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 3

ianhelle on 05-13-2019 06:32 AM
In part 3 we investigate Windows logon sessions and processes, and look at O365 activity. Also show how to use clusterin...
2,034

Time series analysis applied in a security hunting context

Tim Burrell (MSTIC) on 05-01-2019 08:34 AM
This article expands on the time series analysis example given in the "Machine learning powered detections with Kusto qu...
2,829

Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 2

ianhelle on 04-25-2019 05:11 PM
In this second part we examine a Linux host for signs of compromise and look at network flows to trace where else our at...
1,912

Why Use Jupyter for Security Investigations?

ianhelle on 04-22-2019 08:27 AM
"Why would I use Jupyter notebooks to work with Azure Sentinel data rather than the built-in query and investigation too...
6,378

Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 1

ianhelle on 04-16-2019 08:22 AM
This is first of a three-part series about using Jupyter notebooks in Azure Sentinel to trace the path of a security bre...
4,446

Azure Sentinel: Performing Additional Security Monitoring of High-Value Accounts

shainw on 04-11-2019 09:00 AM
Most environments have high-value accounts and are often attacked. This post shows high-value account monitoring using A...
Latest Comments
Nodrog
in Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 2 on 08-14-2019
Ah I see. So why can't Sentinel use LinuxAudit? Sorry if this is the wrong place to ask but I'm trying to get LinuxAudit working at the moment and the data doesn't seem to show up in the workspace.I wasn't sure if it had been silently retired or something. I've had a support request open for a while...
0 Likes
ianhelle
in Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 2 on 08-14-2019
@Nodrog Yep. Russell (author of the blog) is in the same team as me and I have been working with the OMS auditd data for a while in Azure Security Center. Unfortunately, this isn't yet there in the Azure Sentinel implementation - so this is a kind of stop-gap until it arrives. More generally though,...
0 Likes
Nodrog
in Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 2 on 08-14-2019
So why do you need to import it as a custom log?The omsagent is supposed to support auditd through the auoms extension. Here's a blog post about it
0 Likes
Yuri Diogenes
in Integrating Azure Security Center with Azure Sentinel on 07-30-2019
Hello @oshrih7145 Recently we announced Azure Lighthouse (see https://docs.microsoft.com/en-us/azure/lighthouse/concepts/cross-tenant-management-experience for more info), and this enables Azure Sentinel for the multi-tenant scenario.
0 Likes
oshrih7145
in Integrating Azure Security Center with Azure Sentinel on 07-27-2019
helloIs it possible to connect azure sentinel for multiple azure ad tenants, so we can control and audit a different directory, which is not under the tenanted generated by sentinel workspace ?
0 Likes