Azure Sentinel

Options

1,433

Ofer_Shezaf on 10-16-2019 11:15 PM

The capability to set the retention period per data type is now available for Log Analytics and Azure Sentinel. Setting ...

1,759

shainw on 10-15-2019 08:56 AM

Azure Sentinel allows for a very nice investigation experience when pivoting on interesting entities that are brought to...

1,629

Pete Bryan on 10-07-2019 10:00 AM

Contextual knowledge can have a big impact on a security analysts decisions when triaging alerts and investigating threa...

1,435

ianhelle on 09-30-2019 08:27 AM

Use Threat Intelligence in your hunting/investigation notebooks? Ever wanted to lookup an IoC in multiple TI providers w...

3,141

Ofer_Shezaf on 09-24-2019 11:30 PM

I am happy to announce that Azure Sentinel is now GA - That is Generally Available! The "preview" label has disappeared....

1,535

Ofer_Shezaf on 09-19-2019 02:11 PM

The Sentinel data connectors page does not include the source you need. What do you do next? Custom connectors may be th...

2,013

Ofer_Shezaf on 09-18-2019 02:00 AM

As we move closer to general availability (GA), you will see many changes in the Azure Sentinel. While true to the cloud...

9,570

Tiander Turpijn on 08-31-2019 02:58 PM

When you register the Microsoft.Security Resource Provider (RP) for a subscription and want to start using Azure Securit...

1,214

Yuri Diogenes on 08-22-2019 07:35 PM

2,332

Ofer_Shezaf on 08-19-2019 01:43 PM

Whether deployed in the cloud, on-prem VMs or even physical machines, those are probably still the most significant atta...

1,800

Ofer_Shezaf on 08-13-2019 11:53 PM

Want to connect a source system to Sentinel to send events? The chances are that it supported streaming events using Sys...

1,591

Ofer_Shezaf on 08-07-2019 02:30 AM

Ever wondered how to connect Azure Estate, Azure PaaS services or even Intune telemetry to Azure Sentinel? Learn how to ...

3,860

Ashwin_Patil on 07-31-2019 07:45 AM

This article will discuss the use case of detecting network beaconing via intra-request time delta patterns using KQL (K...

1,594

Ofer_Shezaf on 07-22-2019 05:15 PM

Learn how to easily extract values embedded in JSON constructs in Sentinel as primary fields for easy viewing, filtering...

1,207

Cristhofer Munoz on 07-22-2019 07:27 AM

3,288

shainw on 07-01-2019 10:16 AM

2,071

Pete Bryan on 06-25-2019 08:27 AM

Security Operations can often be a very repetitive role. As a security analyst you will often find yourself conducting t...

3,150

ianhelle on 06-17-2019 08:27 AM

msticpy is a package of python tools intended to be used for security investigations and hunting (primarily in Jupyter n...

3,120

Ashwin_Patil on 06-10-2019 07:44 AM

This article will continue discussion on practical time series analysis applications in security with another use case f...

3,367

ianhelle on 06-05-2019 05:02 PM

Browse, convert and test Sigma rules for use in Azure Sentinel.

2,554

Ashwin_Patil on 05-15-2019 07:00 AM

This article provides a practical outline for using Time Series analysis to surface anomalies on security event log data...

2,826

ianhelle on 05-13-2019 06:32 AM

In part 3 we investigate Windows logon sessions and processes, and look at O365 activity. Also show how to use clusterin...

2,030

Tiander Turpijn on 05-10-2019 08:46 AM

2,368

Tim Burrell (MSTIC) on 05-01-2019 08:34 AM

This article expands on the time series analysis example given in the "Machine learning powered detections with Kusto qu...

3,318

ianhelle on 04-25-2019 05:11 PM

In this second part we examine a Linux host for signs of compromise and look at network flows to trace where else our at...

6,362

Yuri Diogenes on 04-25-2019 09:44 AM

2,270

ianhelle on 04-22-2019 08:27 AM

"Why would I use Jupyter notebooks to work with Azure Sentinel data rather than the built-in query and investigation too...

7,297

ianhelle on 04-16-2019 08:22 AM

This is first of a three-part series about using Jupyter notebooks in Azure Sentinel to trace the path of a security bre...

4,968

shainw on 04-11-2019 09:00 AM

Most environments have high-value accounts and are often attacked. This post shows high-value account monitoring using A...

Latest Comments

in What am I looking at? - Using Notebooks to gain situational awareness. on 10-09-2019

Great post Mr Bryan. Looking forward to future posts on how organisations can leverage Microsoft Security Graph to aid threat hunting and breach investigations. Keep up the good work!

1 Likes

in Best practices for designing an Azure Sentinel or Azure Security Center Log Analytics workspace on 10-07-2019

Is there any collateral available to support customer sizing and pricing for a Sentinel deployment ? Pre-Sentinel days, SIEM consumers were accustomed to pricing which was driven by messages/events/GB per day. This stat was underpinned by understanding log sources and equating an average message siz...

0 Likes

in Azure Sentinel is now Generally Available! on 09-25-2019

Great news! /Mattias

2 Likes

in Preparing towards Azure Sentinel's GA on 09-23-2019

Great that the dashboards are replaced by the workbooks! Provides more flexibility. I Did some trial deployments for the customers as well as courses. Luckily didn't deep dive into the Dashboards. Couple of questions: 1. Will the investigation be part of the GA as it just was in a private preview?2....

0 Likes

in Best practices for designing an Azure Sentinel or Azure Security Center Log Analytics workspace on 09-19-2019

Nice article. It's focused on IAAS, I miss other workloads e.g. the Office 365 audit logs or the Dynamics 365 logs, etc. The Office 365 audit logs can be integrated with LA and Sentinel. These logs contain possible PII and sensitive data, which some people e.g. the SOC should not be able to see. The...

0 Likes

New: Per data type retention is now available for Azure Sentinel

Identifying Threat Hunting opportunities in your data

What am I looking at? - Using Notebooks to gain situational awareness.

Using Threat Intelligence in your Jupyter Notebooks

Azure Sentinel is now Generally Available!

Azure Sentinel: Creating Custom Connectors

Preparing towards Azure Sentinel's GA

Best practices for designing an Azure Sentinel or Azure Security Center Log Analytics workspace

Upcoming Changes to Fusion in Azure Sentinel

Azure Sentinel Agent: Collecting telemetry from on-prem and IaaS server

Azure Sentinel: The Syslog and CEF source configuration grand list

Azure Sentinel: Collecting logs from Microsoft Services and Applications

Detect Network beaconing via Intra-Request time delta patterns in Azure Sentinel

Tip: Easily use JSON fields in Sentinel

Sending Proofpoint TAP logs to Azure Sentinel

Azure Sentinel Blog - Table of Contents

Using KQL functions to speed up analysis in Azure Sentinel

msticpy - Python Defender Tools

Time Series visualization of Palo Alto logs to detect data exfiltration

Importing Sigma Rules to Azure Sentinel

Looking for unknown anomalies - what is normal? Time Series analysis & its applications in Security

Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 3

Sending REST API data to Azure Sentinel

Time series analysis applied in a security hunting context

Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 2

Integrating Azure Security Center with Azure Sentinel

Why Use Jupyter for Security Investigations?

Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 1

Azure Sentinel: Performing Additional Security Monitoring of High-Value Accounts