cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Sentinel Blog
Microsoft Secure Tech Accelerator
Apr 13 2023, 07:00 AM - 12:00 PM (PDT)
Microsoft Tech Community
Find out more
Options
5,810

Advanced Workbook Concepts with Workbooks 202

Matt_Lowe on Mar 31 2023 02:42 PM
Looking to advance your knowledge in Workbooks? You'll find some great content here.
3,198

What's new with Microsoft Sentinel at Secure

Israel_Aloni on Mar 28 2023 05:45 AM
Microsoft Sentinel has new features that will help defenders scale their security operations, stay ahead of evolving thr...
866

What’s new: Sentinel Solution for SAP BTP

Will King on Mar 28 2023 04:15 AM
Introducing the Sentinel Solution for SAP BTP, a security solution designed to address security concerns in low-code dev...
3,889

What’s New: Introducing Microsoft Sentinel Network Session Essentials solution

kavishbakshi on Mar 20 2023 05:54 AM
Checkout this new Microsoft Sentinel Network Session Essentials solution
4,198

[Coming soon] Microsoft Sentinel out-of-the-box content centralization!

Preeti_Krishna on Mar 09 2023 01:00 PM
Check out the upcoming Microsoft Sentinel OOTB content centralization changes and be informed of the necessary actions!
3,264

Tutorial: Get started with Azure WAF investigation Notebook

sowmyam on Mar 01 2023 03:25 AM
In this blog, we introduce you to the Azure WAF guided investigation Notebook using Microsoft Sentinel, which lets you i...
5,846

ACSC Essential 8 – Health Report in Microsoft Sentinel

FarahCh on Mar 01 2023 03:22 AM
A new Sentinel Workbook aimed to help organisations increase their compliance posture against the Australian Cyber Secur...
5,041

Anomaly detection and Explanation with Isolation Forest and SHAP using Microsoft Sentinel Notebooks

Ashwin_Patil on Feb 24 2023 07:45 AM
In this blog, we will demonstrate how you can identify anomalous Windows logon sessions using an Isolation Forest algori...
4,999

Designs for Accomplishing Microsoft Sentinel Scalable Ingestion

Matt_Lowe on Feb 13 2023 02:51 PM
Looking to accomplish scalable ingestion for Microsoft Sentinel with the Azure Monitor Agent? Check out this blog to get...
3,980

What’s new: Monitor the health and audit the integrity of your analytics rules.

Jeremy Tan on Feb 08 2023 01:47 AM
Introducing the new health and auditing monitoring capabilities for Analytics Rules
1,979

Detect capture-replay vulnerabilities & exploits with the Sentinel solution for SAP® applications

OferInbar on Feb 03 2023 04:22 AM
With CVE-2023-0014, we learn of a weakness in the remote function call (RFC) framework of SAP. We have added two detecti...
17.6K

[What's New] Extract Actionable Intelligence from Text-based Threat Intel using Sentinel Notebook

vani_asawa on Feb 02 2023 03:53 AM
Understand an Attacker’s motives from Text-based Threat Intelligence using Sentinel Notebooks
9,604

The new incident experience is here!

MichalShechter on Jan 18 2023 08:31 AM
Introducing new investigation tools and layout, the new incident page is now available for quicker and deeper triage, in...
3,526

Microsoft Sentinel Solution for SAP® Applications - New data exfiltration detection rules

KobyMymon on Jan 16 2023 06:44 AM
On August 2022, Microsoft Sentinel solution for SAP was made generally available (GA). Together with releasing the Micro...
2,488

What’s New: Fusion Incident Investigation Notebook

Sylvie_Liu on Jan 12 2023 08:53 AM
To help security analysts better understand and investigate Fusion incidents, we released an investigation notebook “Gui...
5,134

A Look at Different Options for Storing and Searching Sentinel Archived Logs

inbalsilis on Jan 11 2023 10:46 AM
As an Azure Sentinel user, you know the importance of having a secure and accessible backup of your log data. In this bl...
3,591

Switching to Key Vault Secrets usage for Function App based Microsoft Sentinel Data Connectors

PrateekTaneja on Jan 03 2023 03:56 AM
Microsoft Sentinel’s REST – API based data connectors (powered by Azure Function Apps) a lot of times use secrets and ke...
4,274

MSTICPy Hack Month - February 2023

Pete Bryan on Dec 14 2022 10:48 AM
MSTICPy is the Microsoft Threat Intelligence Center’s (MSTIC) Open-Source library of Python tools to help security analy...
7,611

What's New: More NEW Microsoft Sentinel SOAR solutions

kavishbakshi on Dec 13 2022 10:36 AM
Checkout these new Microsoft Sentinel SOAR solutions 
3,335

Azure Active Directory Identity Protection user account enrichments removed: how to mitigate impact

skochavi on Dec 13 2022 05:01 AM
AADIP connector no longer contains user account enrichment fields. In this post we'll offer mitigation steps you can tak...
4,019

What’s new: Run playbooks on entities on-demand

liortamir on Dec 12 2022 04:17 AM
SOC analysts can take action on a selected entity while investigating an incident or hunting entities; SOC engineers can...
2,790

Arm Your Microsoft Sentinel Platform with Industry-Leading Cyber Threat Intelligence from CYFIRMA

RijutaKapoor on Dec 08 2022 10:47 PM
Gain visibility of your External Threat Landscape by understanding who is targeting you, vulnerabilities that put you at...
3,030

[What’s New] Introducing Standalone and OOTB content management at-scale actions

Preeti_Krishna on Dec 08 2022 04:52 PM
Check out new OOTB content management capabilities in Microsoft Sentinel content hub to discover, deploy and manage cont...
5,023

What’s New: 250+ Solutions in Microsoft Sentinel Content hub!

PrateekTaneja on Dec 08 2022 11:11 AM
The Microsoft Sentinel Content Hub is now 250+ solutions strong with an increasingly vibrant ecosystem empowering custom...
9,534

What's New: Introducing Microsoft Sentinel solution for ServiceNow bi-directional sync

kavishbakshi on Dec 08 2022 11:11 AM
Checkout this new Microsoft Sentinel solution for ServiceNow bi-directional sync
4,089

Architectural Guidance – Azure Monitor private links with Microsoft Sentinel

mahmoudmsft on Dec 08 2022 09:07 AM
Using private links on log analytics workspace while having Sentinel deployed on same workspace.
3,860

Dynamic alert details - The force awakens

romarsia on Dec 06 2022 04:16 AM
When authoring a new detection, one must keep in mind that the MTTR is highly impacted by the data available in the inci...
10.8K

What’s new: Incident tasks

liortamir on Nov 29 2022 04:51 AM
SOC analysts can follow checklists to handle the processes of incident triage, investigation, and response without worry...
3,988

What’s new: Monitor the health of your automation rules and playbooks

liortamir on Nov 17 2022 08:37 AM
Now available: Monitor the execution of your automation rules and playbooks, visualize automation health data, audit who...
8,215

Update to Microsoft Sentinel’s Technical Playbook for MSSPs is now available (v1.5.1)

Didier_Danloy on Nov 07 2022 05:45 AM
Technical guidance and best practices for deploying Microsoft Sentinel as an MSSP or as a large organization with multip...

Latest Comments

beikjrir
in What's New: Introducing Microsoft Sentinel solution for ServiceNow bi-directional sync on Mar 31 2023 05:57 AM
I have configured this on my test SNow instance. In initial testing, it will ingest the alert, however it will also add a new comment for each line of the alert in the SNow ticket. This ends up sending an email alert for the initial alert plus each individual comment added to the case. Is there a wa...
0 Likes
dqwwdq
in Automatically disable On-prem AD User using a Playbook triggered in Azure on Mar 30 2023 11:42 AM
Hi All, Is this guide outdated now I had to change the Trigger to the Sentinel Alert trigger to get this to work. I am now seeing a new error { "error": { "code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation.", "innerError": { "date": "2023-03-30T18:35...
0 Likes
HeinHtut
in Azure Sentinel: The connectors grand (CEF, Syslog, Direct, Agent, Custom and more) on Mar 27 2023 06:17 AM
Hi @Ofer_Shezaf can CEF collector server ingest logs which are come from "Syslog" format? If it is yes, how can I play around with configuration for it. Thanks in advance. Hein
0 Likes
ishasinha0310
in Switching to Key Vault Secrets usage for Function App based Microsoft Sentinel Data Connectors on Mar 26 2023 09:59 PM
Hey @PrateekTaneja , thanks a lot for the crystal clear blog!I would like to point out, however, that when I implemented the steps for testing this integration with my function app, I was getting KeyVaultAccessDenied error. This got resolved once we added additional access policies in KV for the fun...
0 Likes
Inwafula
in Automatically disable On-prem AD User using a Playbook triggered in Azure on Mar 22 2023 04:14 AM
Hi @Vigitalmoe13 have you tried the below: i. Azure AD Sync Connect issue with permission error 8344 - Microsoft Q&A ii. Ensure that the user you are running AAD sync under, has the following permissions on the ‘root’ of your local AD domain. Replicating Directory Changes: Allow Replicating Director...
0 Likes