Microsoft Sentinel Blog

1,356
romarsia on Jun 22 2022 05:21 AM
2,261
RijutaKapoor on Jun 16 2022 03:26 PM
4,741
TJBanasik on Jun 08 2022 09:42 AM
1,515
RijutaKapoor on Jun 07 2022 12:06 PM
2,132
Matt_Lowe on Jun 07 2022 12:03 PM
4,567
Preeti_Krishna on Jun 06 2022 01:48 PM
1,497
Sarah Fender on Jun 06 2022 08:00 AM
1,501
romarsia on Jun 06 2022 05:37 AM
900
Rafik Gerges on Jun 03 2022 05:54 AM
4,082
JannieLi on Jun 02 2022 01:32 PM
1,869
liortamir on May 31 2022 09:24 AM
2,718
AmritpalSingh on May 31 2022 08:46 AM
1,984
Ely_Abramovitch on May 25 2022 10:33 AM
1,689
RijutaKapoor on May 24 2022 02:15 PM
4,663
TJBanasik on May 16 2022 09:31 AM
2,997
Ely_Abramovitch on May 15 2022 04:54 AM
2,448
Rafik Gerges on May 13 2022 06:19 AM
1,821
TJBanasik on May 12 2022 07:30 AM
4,033
ShaharAviv on May 11 2022 03:12 PM
2,521
RijutaKapoor on May 09 2022 10:28 AM
4,150
Sarah Fender on May 09 2022 05:30 AM
1,371
MSFT_AndrewLomakin on May 09 2022 05:30 AM
1,868
liortamir on May 08 2022 12:09 PM
3,108
BenjiSec on May 06 2022 03:39 AM
1,552
jocarolo on May 02 2022 04:01 PM
2,601
BenjiSec on Apr 29 2022 06:22 AM
6,062
TJBanasik on Apr 26 2022 06:11 AM
1,740
Inwafula on Apr 16 2022 05:47 PM

Latest Comments

This is a fabulous workbook! Just looking under the hood shows me how much work and thought has gone into it. This helps immensely. The only thing I would ask you to add is to make this easier for reporting, such as have a section for all Rules and the name of the Tables used in front of it, so that ...
0 Likes
I believe the reason you are getting the Collection ID error is because in the guide it references a collection ID that is not available to free tier subscriptions. On the Taxii documentation if you scroll down to the section titled "GET request to /taxii2/api/collections with parameters:" and hit se...
0 Likes
Thank you very much for the article. How do we specify to which workspace the logs should be sent? What if we have more than one Sentinel instance? Thanks
0 Likes
Threat intelligence matching analytics only process DNS queries for IPv4 (QueryType="A"). Is this meant to say that the matching is done against the response? The query itself would only contain the hostname for which an IP address is desired.
0 Likes
Is it possible to stop the DLP alerts creating Incident ID's within Sentinel without disconnecting the connectors? We were keeping DLP alerts strictly at Defender, then with no manual change performed DLP alerts started popping Incidents within our Sentinel and we haven't found a way to make it stop, D...
0 Likes