User Profile

cklonger

Copper Contributor

Joined 5 years ago

5 Posts1 Like

View All Badges

User Widgets

Recent Discussions

How to enable Azure Firewall Data connector by ARM template or power shell?
Hello, I would like to use code to create a data connector for Azure Firewall. However,Azure Firewall is not inGitHub - javiersoriano/sentinel-all-in-one And I found DataConnectorKinds API doesn't support Azure firewall. Data Connectors - Create Or Update - REST API (Azure Sentinel) | Microsoft Docs Is it possible to use powershell or ARM to enableAzure Firewall Data connector?
Aug 25, 2021 Place Microsoft Sentinel
869Views
0likes
0Comments
Automatically create incidents from Microsoft security alerts and send notification
Hello, we have trigger the rule "Automatically create incidents from Microsoft security alerts" and generate incidents successfully. However, we have no idea how to connect these kind of incidents (from security center) with notification email playbook of other sentinel rules. We know there is a notification setting in Security center. Is it possible to set the auto playbook for the incidents from Microsoft security alerts?
Mar 02, 2021 Place Microsoft Sentinel
1.9KViews
0likes
3Comments
How to make Rule "Explicit MFA Deny" better?
Hello, We turned on this rules for weeks. But all the incidents from the rule seem to benign. The query is as follows: SigninLogs | where ResultType == 500121 | where Status has "MFA Denied; user declined the authentication" | extend AccountCustomEntity = AlternateSignInName | extend IPCustomEntity = IPAddress | extend URLCustomEntity = ClientAppUsed Our idea is check the previous login IP or deviceid of devicedetail. Is there any other suggestion or comment? Thanks a lot
Feb 24, 2021 Place Microsoft Sentinel
9.8KViews
0likes
2Comments
Multiple Log analytic workspace and rules
Good morning: I am a newbie of Azure Sentinel. Our env has setup multiple subscriptions andLog analytic workspaces for different productions. I would like to trigger some rules (from template) in Log analytic workspaces to monitor all our productions. Should I setup rules in everyLog analytic workspace or only one of them ? To view all incidents in one workbook, should I forward the logs from different resources (different subscriptions) to one specialLog analytic workspaces?
Dec 04, 2020 Place Microsoft Sentinel
6KViews
0likes
3Comments

Groups

Recent Blog Articles

Re: Deploying and Managing Azure Sentinel - Ninja style
Thanks for the great work of ninja style. However, If we want to use the connectors which doesn't support by AZSentinel and YAML. (such as Firewall log and Application gateway, Trend micro or third-p...
Dec 14, 2020 Place Microsoft Sentinel Blog
1like
0Comments