Is it possible to set up this playbook for a specific rule incident alarm?
I was wondering if a specific playbook setting is possible for the rules below RuleName : New Azure Sentinel incident - Authentication Attempt from New Country Read UserPrincipalName, set_IPAddress value when alarm occurs Automatically send mail to each user by identifying the user-specific mail address with UserPrincipalName and changing the recipient, ip value according to the specified mail formUsing the New-AzSentinelDataConnector cmdlet
I have tried using the New-AzSentinelDataConnector cmdlet to create or update a data connector. I have not fully gotten this solution working, trying to enable the Microsoft Entra ID data connector. To emphasise this point, these were the PowerShell commands I ran... $ResourceGroup = "rg-sentinel" $WorkspaceName = "ingested-data-sentinel" # Connect to Azure and return Tenant ID $Connection = Connect-AzAccount $TenantId = $Connection.Context.Tenant.Id # Create Data Connector (AAD/Entra ID) New-AzSentinelDataConnector -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName -kind AzureActiveDirectory -TenantId $TenantID -Alerts Enabled The error output can be seen in the screenshot attached. Has anyone successfully deployed a data connector with this PowerShell cmdlet?
Pending actions notification via KQL / Graph API
Hello, I'm looking for a way to get notifications when an investigation is in Pending Approval state. I have tried searching the logs in Defender and Sentinel and have tried finding a graph request that could get this information, but no luck. Is this something that exists? Thank you for any help regarding this topic. KristofMicrosoft Defender for Cloud Customer Newsletter
What's new in Defender for Cloud? AI security posture management is now generally available! Reduce risk to cross cloud AI workloads by discovering generative AI Bill of Materials, strengthen generative AI application security posture and use the attack path analysis to identify risk. Learn more about it here. On-demand malware scanning now in public preview We’re excited to announce the public preview of on-demand malware scanning. Customers can now scan existing files in storage accounts on-demand, which helps customers to gain finer control and customization for critical storage assets. For more details, please refer to our documentation. Blog(s) of the month In November, following Ignite announcements, our team published the following blog posts we'd like to share: Cloud security innovations: strengthening defenses against modern cloud and AI threats New innovations in container security with unified visibility, investigations, and response actions Proactively harden your cloud security posture in the age of AI with CSPM innovations Prevent malware from spreading by scanning cloud storage accounts on-demand Deprecation of “Bring Your Own License” in MDC” GitHub community Learn how to onboard Azure DevOps to Defender for Cloud in our updated lab - Module 14 here. Visit our GitHub page here. Defender for Cloud in the field Refresh your knowledge on securing your AI applications: Secure your AI applications from code to runtime Visit our new YouTube page Customer journey Discover how other organizations successfully use Microsoft Defender for Cloud to protect their cloud workloads. This month we are featuringThe NBA (National Basketball Association), a global sports and media powerhouse dedicated to growing and celebrating the game of basketball, partnered with Microsoft to address the complexities of scale, and security required for next-generation technologies. With its IT estate in Azure, the NBA leverages Defender for Cloud to provide a single pane of glass on its cloud security posture. Security community webinars Join our experts in the upcoming webinars to learn what we are doing to secure your workloads running in Azure and other clouds. This month, we have the following upcoming webinar: DEC 11Microsoft Defender for Cloud |Exploring the Latest Container Security Updates from Microsoft Ignite DEC 12Microsoft Defender for Cloud|Future-Proofing Cloud Security with Defender CSPM We offer several customer connection programs within our private communities. By signing up, you can help usshape our products through activities such as reviewing product roadmaps, participating in co-design, previewing features, and staying up-to-date with announcements. Sign up ataka.ms/JoinCCP. We greatly value your input on the types of content that enhance your understanding of our security products. Your insights are crucial in guiding the development of our future public content. We aim to deliver material that not only educates but also resonates with your daily security challenges. Whether it’s through in-depth live webinars, real-world case studies, comprehensive best practice guides through blogs, or the latest product updates, we want to ensure our content meets your needs. Please submit your feedback on which of these formats do you find most beneficial and are there any specific topics you’re interested inhttps://aka.ms/PublicContentFeedback. Note:If you want to stay current with Defender for Cloud and receive updates in your inbox, please consider subscribing to our monthly newsletter:https://aka.ms/MDCNewsSubscribeNLP London Meetup - Microsoft Reactor
Hey everyone! Thanks for joining out session today at the NLP London meetup in the Microsoft Reactor. Here you can find the resources that we have shared during the session and our contact links. Resources Azure OpenAI Docs The Azure Developer CLI azd AI App Templates Azure AI Search Docs Azure OpenAI Assistants Responsible AI Contoso Creative Writer Example Application Our next event London Reactor meetup - 10th December Liam Hampton LinkedIn Chris Noring LinkedIn
