Microsoft Sentinel Blog

1,663
GBushey on Jun 12 2024 07:06 AM
2,132
VipulDabhi on May 23 2024 11:23 AM
1,837
jeffsc on May 13 2024 08:00 AM
7,412
MichalShechter on May 06 2024 09:07 AM
5,035
Israel_Aloni on May 06 2024 08:47 AM
2,998
Eric Burkholder on May 06 2024 06:00 AM
25.6K
robeving on Apr 26 2024 07:51 PM
3,329
Umesh_Nagdev on Apr 19 2024 07:55 AM
2,342
jeffsc on Apr 15 2024 11:17 AM
2,369
jeffsc on Apr 15 2024 11:17 AM
5,734
Preeti_Krishna on Mar 28 2024 02:56 PM
6,804
Matt_Lowe on Mar 14 2024 05:21 PM
4,594
Umesh_Nagdev on Feb 20 2024 07:04 AM
3,677
Josefa-Sepulveda on Feb 08 2024 07:58 AM
6,128
BenjiSec on Feb 06 2024 04:03 AM
6,048
PrateekTaneja on Feb 04 2024 10:22 PM
6,272
madesous on Jan 17 2024 05:27 AM
3,787
GBushey on Jan 16 2024 07:20 AM
4,389
VipulDabhi on Jan 08 2024 11:11 AM
7,079
timurengin on Jan 08 2024 11:10 AM
28.2K
Josefa-Sepulveda on Jan 02 2024 02:24 AM
52.9K
Arjun_Trivedi on Nov 29 2023 10:13 PM
10.6K
skochavi on Nov 27 2023 01:21 PM
9,230
ShaharAviv on Nov 20 2023 10:27 PM
7,137
Eric Burkholder on Nov 15 2023 02:26 PM
66.1K
Erez Einav on Nov 15 2023 08:00 AM
6,068
mahmoudmsft on Nov 08 2023 10:02 AM

Latest Comments

@Matt Egen Wondering if you were able to add the steps mentioned under "further improvements"? Would love to see the traditional WHOIS query part in the code.
0 Likes
Hi, when I insert a hyperlink in the task list, like in the example you've provided - <a target='_blank' href=’https://www.microsoft.com/en-us/’>Microsoft Homepage</a> When the Watchlist task gets generated in the Sentinel alert, if we click on the hyperlink, it comes up with a 'Page not found', with...
0 Likes
The most important part of this story was left out. How does the largest corporation in the world allow a sub domain to be created under their main domain? This implies they had access to DNS or Azure somehow allows any customer to create a sub domain under microsoft.com.
0 Likes
in Debugging Playbooks on Jun 12 2024 09:18 AM
Thanks for the run-through! :) Always useful. I have to add, for me who is learning to create some basic playbooks - it would be super helpful if it was possible to choose some modules (like the "microsoft incident" and be able to trigger it from the builder (i.e. press "run/play-button") just to see r...
0 Likes
@robeving wrote: Provision a cloud Azure resource with the same name and now visiting blog.somedomain.com will redirect to the attacker’s resource. Here they control the content. [...] This happened in 2021 when the domain was temporarily used to host a malware C2 service. I've seen plenty of phishing...
1 Likes