cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Sentinel Blog
Microsoft Entra Tech Accelerator: Part 2 of 2
Jul 20 2023, 08:00 AM - 10:30 AM (PDT)
Microsoft Tech Community
Find out more
Options
407

Split Microsoft Sentinel Tables with Multi-Destination Data Collection Rules

Matt_Lowe on Jun 29 2023 03:42 PM
Learn how a new functionality in Azure Monitor enables data collection rules to split tables as they bring data in.
3,507

Introducing the Microsoft Sentinel Triage Assistant (STAT)

Matt_Lowe on Jun 15 2023 02:36 PM
Looking to build out your approach to Microsoft Sentinel automation? Check out this solution made by Paul Bergson, Matt ...
1,964

NCS Case Study - End-to-End Integration of Custom BYOML model with Sentinel

JulianGonzalez on May 23 2023 07:00 AM
Explore how NCS integrates their graph-based machine learning algorithm with Azure Sentinel via BYO-ML platform, tacklin...
3,143

Revolutionize your SAP Security with Microsoft Sentinel's SOAR Capabilities

NChristis on May 22 2023 10:03 AM
The purpose of this blog post is to demonstrate how the SOAR capabilities of Sentinel can be utilized in conjunction wit...
5,063

Create, Edit, and Monitor Data Collection Rules with the Data Collection Rule Toolkit

Matt_Lowe on May 02 2023 04:27 PM
Looking for a way to centrally create, monitor, and modify data collection rules for Microsoft Sentinel? Check out this ...
6,132

RSAC 2023: Microsoft Sentinel empowering the SOC with next-gen SIEM

Israel_Aloni on Apr 24 2023 05:57 AM
To provide customers with a comprehensive and integrated security solution, Microsoft Sentinel harnesses the strong and ...
13.9K

Announcing Microsoft Sentinel All-in-One v2

Javier Soriano on Apr 19 2023 08:28 AM
Automate Microsoft Sentinel deployment and configuration with the new version of Microsoft Sentinel All-in-One
11.8K

Advanced Workbook Concepts with Workbooks 202

Matt_Lowe on Mar 31 2023 02:42 PM
Looking to advance your knowledge in Workbooks? You'll find some great content here.
5,992

What's new with Microsoft Sentinel at Secure

Israel_Aloni on Mar 28 2023 05:45 AM
Microsoft Sentinel has new features that will help defenders scale their security operations, stay ahead of evolving thr...
2,434

What’s new: Sentinel Solution for SAP BTP

Will King on Mar 28 2023 04:15 AM
Introducing the Sentinel Solution for SAP BTP, a security solution designed to address security concerns in low-code dev...
6,042

What’s New: Introducing Microsoft Sentinel Network Session Essentials solution

kavishbakshi on Mar 20 2023 05:54 AM
Checkout this new Microsoft Sentinel Network Session Essentials solution
5,819

[Coming soon] Microsoft Sentinel out-of-the-box content centralization!

Preeti_Krishna on Mar 09 2023 01:00 PM
Check out the upcoming Microsoft Sentinel OOTB content centralization changes and be informed of the necessary actions!
4,516

Tutorial: Get started with Azure WAF investigation Notebook

sowmyam on Mar 01 2023 03:25 AM
In this blog, we introduce you to the Azure WAF guided investigation Notebook using Microsoft Sentinel, which lets you i...
7,957

ACSC Essential 8 – Health Report in Microsoft Sentinel

FarahCh on Mar 01 2023 03:22 AM
A new Sentinel Workbook aimed to help organisations increase their compliance posture against the Australian Cyber Secur...
7,163

Anomaly detection and Explanation with Isolation Forest and SHAP using Microsoft Sentinel Notebooks

Ashwin_Patil on Feb 24 2023 07:45 AM
In this blog, we will demonstrate how you can identify anomalous Windows logon sessions using an Isolation Forest algori...
7,119

Designs for Accomplishing Microsoft Sentinel Scalable Ingestion

Matt_Lowe on Feb 13 2023 02:51 PM
Looking to accomplish scalable ingestion for Microsoft Sentinel with the Azure Monitor Agent? Check out this blog to get...
5,201

What’s new: Monitor the health and audit the integrity of your analytics rules.

Jeremy Tan on Feb 08 2023 01:47 AM
Introducing the new health and auditing monitoring capabilities for Analytics Rules
2,725

Detect capture-replay vulnerabilities & exploits with the Sentinel solution for SAP® applications

OferInbar on Feb 03 2023 04:22 AM
With CVE-2023-0014, we learn of a weakness in the remote function call (RFC) framework of SAP. We have added two detecti...
19.6K

[What's New] Extract Actionable Intelligence from Text-based Threat Intel using Sentinel Notebook

vani_asawa on Feb 02 2023 03:53 AM
Understand an Attacker’s motives from Text-based Threat Intelligence using Sentinel Notebooks
10.8K

The new incident experience is here!

MichalShechter on Jan 18 2023 08:31 AM
Introducing new investigation tools and layout, the new incident page is now available for quicker and deeper triage, in...
4,417

Microsoft Sentinel Solution for SAP® Applications - New data exfiltration detection rules

KobyMymon on Jan 16 2023 06:44 AM
On August 2022, Microsoft Sentinel solution for SAP was made generally available (GA). Together with releasing the Micro...
3,273

What’s New: Fusion Incident Investigation Notebook

Sylvie_Liu on Jan 12 2023 08:53 AM
To help security analysts better understand and investigate Fusion incidents, we released an investigation notebook “Gui...
8,052

A Look at Different Options for Storing and Searching Sentinel Archived Logs

inbalsilis on Jan 11 2023 10:46 AM
As an Azure Sentinel user, you know the importance of having a secure and accessible backup of your log data. In this bl...
4,747

Switching to Key Vault Secrets usage for Function App based Microsoft Sentinel Data Connectors

PrateekTaneja on Jan 03 2023 03:56 AM
Microsoft Sentinel’s REST – API based data connectors (powered by Azure Function Apps) a lot of times use secrets and ke...
4,995

MSTICPy Hack Month - February 2023

Pete Bryan on Dec 14 2022 10:48 AM
MSTICPy is the Microsoft Threat Intelligence Center’s (MSTIC) Open-Source library of Python tools to help security analy...
9,445

What's New: More NEW Microsoft Sentinel SOAR solutions

kavishbakshi on Dec 13 2022 10:36 AM
Checkout these new Microsoft Sentinel SOAR solutions 
4,291

Azure Active Directory Identity Protection user account enrichments removed: how to mitigate impact

skochavi on Dec 13 2022 05:01 AM
AADIP connector no longer contains user account enrichment fields. In this post we'll offer mitigation steps you can tak...
5,015

What’s new: Run playbooks on entities on-demand

liortamir on Dec 12 2022 04:17 AM
SOC analysts can take action on a selected entity while investigating an incident or hunting entities; SOC engineers can...

Latest Comments

Kris_Deb_e2e
in Introducing the Microsoft Sentinel Triage Assistant (STAT) on Jun 26 2023 02:45 AM
This is amazing and very promising, thank you for this extremely informative article.
0 Likes
garis550
in Azure Sentinel Side-by-Side with Splunk on Jun 23 2023 01:12 AM
This guide is old and out of date. Workarounds are to use another connector that allows to directly query the log analytics workspace Splunk Add on for Microsoft Azure | Splunkbase And setting this up to run every 5 minutes with a query like: SecurityIncident | where ingestion_time() > ago(6m) Or ex...
0 Likes
bobsyouruncle
in Testing the New Version of the Windows Security Events Connector with Azure Sentinel To-Go! on Jun 21 2023 06:24 AM
Thanks dog :)I didn't think AMA was supported on wind10, just servers.And what's DCA?
0 Likes
Cyb3rWard0g
in Testing the New Version of the Windows Security Events Connector with Azure Sentinel To-Go! on Jun 20 2023 07:47 AM
Hello @bobsyouruncle , the document actually says to use AMA. Create Deployment Template We can easily add all those ARM templates to an ‘Azure Sentinel & Win10 Workstation’ basic template. We just need to make sure we install the Azure Monitor Agent instead of the Log Analytics one, and enable the ...
1 Likes
bobsyouruncle
in Testing the New Version of the Windows Security Events Connector with Azure Sentinel To-Go! on Jun 20 2023 06:43 AM
is this article now obsolete?shouldn't we be using the AMA agent?
0 Likes