cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Sentinel Blog
Options
1,356

Correlating Microsoft Defender for Cloud alerts in Sentinel

romarsia on Jun 22 2022 05:21 AM
Incident load is one of the major pain points of modern SOC. One of the methods used to manage alert fatigue is using gr...
2,261

Microsoft Threat Intelligence Matching Analytics: IP Detections

RijutaKapoor on Jun 16 2022 03:26 PM
Microsoft Threat Intelligence Matching Analytics: IP Detections
4,741

I'm Being Attacked, Now What?

TJBanasik on Jun 08 2022 09:42 AM
Learn how to respond to attacks with the Microsoft Sentinel: Threat Analysis & Response Solution while applying SOAR rem...
1,515

Import Pulsedive Feed into Microsoft Sentinel

RijutaKapoor on Jun 07 2022 12:06 PM
Bring threat intelligence from Pulsedive into Microsoft Sentinel using TAXII Data Connector
2,132

Plan, Track, and Configure Your Microsoft Sentinel Deployment/Migration with This New Workbook

Matt_Lowe on Jun 07 2022 12:03 PM
Planning and executing a SIEM deployment/migration can get a little messy. To assist with this process for Microsoft Sen...
4,567

Announcing the Microsoft Sentinel Hackathon Spring 2022 winners

Preeti_Krishna on Jun 06 2022 01:48 PM
Check out the Microsoft Sentinel Hackathon Spring 2022 winners and the awesome cybersecurity solutions!
1,497

Celebrating the Microsoft Sentinel Ecosystem at RSAC 2022

Sarah Fender on Jun 06 2022 08:00 AM
At the RSA Conference this week, where hundreds of security vendors, researchers, and analysts will converge in San Fran...
1,501

Analytic rules - 'Sentinel entities' new entity type

romarsia on Jun 06 2022 05:37 AM
Kusto Query Language(KQL) is a powerful tool to explore your data, helping you discover patterns, identify anomalies and...
900

Using Forcepoint NGFW advanced workbook to gain deep security analytics and insights

Rafik Gerges on Jun 03 2022 05:54 AM
This workbook will help you gain deep security insights, application protocol analytics, as well as monitoring the admin...
4,082

Guided Hunting Notebook: Azure Resource Explorer

JannieLi on Jun 02 2022 01:32 PM
While hunting in Azure, you might find yourself pivoting from one resource to another or find that you may want to see t...
1,869

What’s new: Automate full incident lifecycle with incident update triggers

liortamir on May 31 2022 09:24 AM
Teams can now create automation rules and playbooks which run when incident fields are modified – for example, when an o...
2,718

Export Historical Log Data from Microsoft Sentinel

AmritpalSingh on May 31 2022 08:46 AM
Big data security analytics and ML requires data ETL that is both flexible and highly performant and scalable. In this b...
1,984

What’s new: incident expansion – relate alerts to incidents

Ely_Abramovitch on May 25 2022 10:33 AM
Expand the scope of your investigation and track sophisticated attacks with Microsoft Sentinel
1,689

Import ReversingLab’s Ransomware Feed into Microsoft Sentinel

RijutaKapoor on May 24 2022 02:15 PM
Bring threat intelligence from ReversingLabs into Microsoft Sentinel using TAXII Data Connector to combat Ransomware att...
4,663

Announcing the Microsoft Sentinel: NIST SP 800-53 Solution

TJBanasik on May 16 2022 09:31 AM
The Microsoft Sentinel: NIST SP 800-53 Solution enables compliance teams, architects, SecOps analysts, and consultants t...
2,997

What's new: Similar incidents in Microsoft Sentinel

Ely_Abramovitch on May 15 2022 04:54 AM
Uncover connections to other incidents that are similar to the one you are investigating with the new Similar incidents ...
2,448

Automating bulk onboarding of Azure IaaS and PaaS resources into Microsoft Sentinel

Rafik Gerges on May 13 2022 06:19 AM
The end-to-end guide details the onboarding of Azure IaaS and PaaS resources into Microsoft Sentinel as well as ensuring...
1,821

Search, Investigate, & Respond to Indicators of Compromise with the Threat Intelligence Workbook

TJBanasik on May 12 2022 07:30 AM
We’re releasing the next evolution of the Threat Intelligence Workbook to provide enhanced capabilities in both indicato...
4,033

What’s new: Closer integration between Microsoft Sentinel and Microsoft 365 Defender

ShaharAviv on May 11 2022 03:12 PM
Over a year ago, we first announced the integration between Microsoft Sentinel and Microsoft 365 Defender as part of the...
2,521

Bring Threat Intelligence from SEKOIA.IO using TAXII data connector

RijutaKapoor on May 09 2022 10:28 AM
Bring Threat Intelligence from SEKOIA.IO using TAXII data connector
4,150

Unleash the Power of Modern SecOps with Microsoft Sentinel SOAR

Sarah Fender on May 09 2022 05:30 AM
Protecting the modern enterprise from increasing cyberthreats requires a modern approach to security operations (SecOps)...
1,371

Microsoft Sentinel for SAP News - Dynamic SAP Security Audit Log Monitor feature available now!

MSFT_AndrewLomakin on May 09 2022 05:30 AM
A new public preview feature available this week for Microsoft Sentinel for SAP solution, that allows to parse most of t...
1,868

What's new: Power-up automation with Logic Apps Standard

liortamir on May 08 2022 12:09 PM
Now available: Automate response, run on-demand and manage Logic Apps Standard playbooks with Microsoft Sentinel. Logic ...
3,108

Using Microsoft Teams Adaptive Cards to enhance incident response in Microsoft Sentinel

BenjiSec on May 06 2022 03:39 AM
With the Microsoft Teams Logic App connector, we can utilize Adaptive Cards to send notifications to Teams and/or ask fo...
1,552

Transferring Microsoft Sentinel scheduled alert rules between different workspaces using PowerShell

jocarolo on May 02 2022 04:01 PM
In this article we are going to explain the process to transfer scheduled alert rules between different workspaces.
2,601

New watchlist actions available for watchlist automation using Microsoft Sentinel SOAR

BenjiSec on Apr 29 2022 06:22 AM
Recently, we have published new Microsoft Sentinel API endpoints focused on a watchlist. Together with these APIs, we al...
6,062

Announcing the Microsoft Sentinel: Cybersecurity Maturity Model Certification (CMMC) 2.0 Solution

TJBanasik on Apr 26 2022 06:11 AM
Are you interested in maturing your security operations center capabilities? Do you need to align your cloud, multi-clou...
1,740

Use the bulk update feature with Microsoft Sentinel Watchlists

Inwafula on Apr 16 2022 05:47 PM
Watchlists within Microsoft Sentinel are commonly used to work in conjunction with Analytics rules to achieve several us...

Latest Comments

GrcAA
in Log sources and analytics rules coverage workbook: see how your tables are being used on Jun 21 2022 10:47 PM
This is a fabulous workbook! Just looking under the hood shows me how much work and thought has gone into it. This helps immensely.The only thing I would ask you to add is to make this easier for reporting, such as have a section for all Rules and the name of the Tables used in front of it, so that ...
0 Likes
jostuffl
in Import Pulsedive Feed into Microsoft Sentinel on Jun 21 2022 07:51 PM
I believe the reason you are getting the Collection ID error is because in the guide it references a collection ID that is not available to free tier subscriptions. On the Taxii documentation if you scroll down to the section title "GET request to /taxii2/api/collections with parameters:" and hit se...
0 Likes
Sergei2435
in Integrating open source threat feeds with MISP and Sentinel on Jun 21 2022 12:26 PM
Thank you very much for the article.How do we specify to which workspace the logs should be sent? What if we have more than one Sentinel instance? Thanks
0 Likes
kimberlyrei
in Microsoft Threat Intelligence Matching Analytics: IP Detections on Jun 20 2022 12:39 PM
Threat intelligence matching analytics only process DNS queries for IPv4 (QueryType="A"). Is this meant to say that the matching is done against the response? The query itself would only contain the hostname for which an IP address is desired.
0 Likes
Victorfcorona
in Ingest Office 365 DLP Events into Azure Sentinel on Jun 17 2022 11:50 AM
Is it possible to stop the DLP alerts creating Incident ID's within Sentinel without disconnecting the connectors?We were keeping DLP alerts strictly at Defender, then with no manual change performed DLP alerts started popping Incidents within our Sentinel and we haven't find a way t make it stop, D...
0 Likes