Recent Blogs
Thanks to Javier Soriano, Principal Product Manager - OneSOC Customer Experience Engineering, for the peer review
Introduction
Although the recommended approach is to not have multiple SIEM solut...
Sep 10, 2025 | 258 Views | 1 like | 0 Comments
Co-author - Ashwin Patil
Security teams today face an overwhelming challenge: every data point is now a potential security signal and SOCs are drowning in complex logs, trying to find the needle in...
Sep 09, 2025 | 1.6K Views | 3 likes | 1 Comment
Key updates
On April 3, 2025, we publicly previewed two new tables to support STIX (Structured Threat Information eXpression) indicator and object schemas: ThreatIntelIndicators and ThreatIntelObje...
Aug 05, 2025 | 2.6K Views | 1 like | 2 Comments
Welcome to the third entry of our blog series on automating Microsoft Sentinel.
In this series, we’re showing you how to automate various aspects of Microsoft Sentinel, from simple automation of Se...
Jul 16, 2025 | 1.9K Views | 0 likes | 0 Comments
21 MIN READ
Introduction
A huge thank you to MariaSousaValadas for contributing and reviewing this post
In a SIEM you may need to upload data for correlation, such as high value assets, IP ranges from your ...
Jul 14, 2025 | 1.8K Views | 3 likes | 0 Comments
Microsoft Sentinel is moving to the Microsoft Defender portal to deliver a unified, AI-powered security operations experience. Many customers have already made the move. Learn how to plan your transi...
Jul 10, 2025 | 766 Views | 0 likes | 0 Comments
As organizations continue to scale their security operations, managing the volume and cost of data ingestion becomes increasingly critical. Microsoft Sentinel’s new Summary Rules Templates offer a st...
Jul 08, 2025 | 959 Views | 0 likes | 0 Comments
Are you managing the security needs of a large organization or a managed security service provider (MSSP)? Would you like a unified view of all the cases you are managing across these tenants?
We...
Jun 19, 2025 | 806 Views | 1 like | 0 Comments
In the ever-evolving landscape of cybersecurity, both automation and infrastructure-as-code (IaC) have become indispensable. SIEM solutions, traditionally known for their complex configurations and m...
Jun 16, 2025 | 1.4K Views | 2 likes | 2 Comments
In March, Case Management went to GA status within the unified portal for customers. This introduced new functionality and experiences such as:
- A new case queue
- Custom statuses
- New Case task ...
Jun 11, 2025 | 1.2K Views | 0 likes | 0 Comments