This is a fabulous workbook! Just looking under the hood shows me how
much work and thought has gone into it. This helps immensely. The only
thing I would ask you to add is to make this easier for reporting, such
as having a section for all Rules and the name of the Tables used in front
of it, so that ...
I believe the reason you are getting the Collection ID error is because
in the guide it references a collection ID that is not available to free
tier subscriptions. On the TAXII documentation, if you scroll down to the
section titled "GET request to /taxii2/api/collections with parameters:"
and hit se...
Thank you very much for the article. How do we specify to which workspace
the logs should be sent? What if we have more than one Sentinel
instance? Thanks
"Threat intelligence matching analytics only process DNS queries for IPv4
(QueryType="A")." Is this meant to say that the matching is done against
the response? The query itself would only contain the hostname for which
an IP address is desired.
Is it possible to stop the DLP alerts creating Incident IDs within
Sentinel without disconnecting the connectors? We were keeping DLP alerts
strictly at Defender, then with no manual change performed DLP alerts
started popping Incidents within our Sentinel and we haven't found a way
to make it stop, D...