You may have noticed that depending on the existence (or non-existence) of certain connectors, you're not able to export certain Playbooks (Logic Apps). You may see an error message similar to that in the next image. Some would like to still be able to back up their Logic Apps, but in my … Continue reading Download and Backup Your Azure Sentinel Playbooks
I've worked with several customers recently who still like to be able to work offline somewhat. It's been part of their normal processes for a long while and has become partly a habit due to working with legacy, on-premises security tools for so long. I try to teach better ways to modernize the processes … Continue reading Export and Backup Azure Sentinel Tables Using this PowerShell Script
While using System Center Service Manager, we have several requests from customers that need to be translated into features. One of the most common requests I receive is how to let users select and add Reviewers to a Review Activity from the Self-Service Portal when they fill out a service request form. This scenario would handle several cases such … Continue reading Add Reviewer From Self-Service Portal in System Center Service Manager
Overnight you may have noticed that our new SecurityIncident table was finally released out of preview. The data contained in this new table is part of a huge ask by customers. It gives Azure Sentinel analysts the ability to query against Security Incident data and generate Workbooks and reports based on the data. I've been … Continue reading Azure Sentinel: Sending an Email Each Morning with the List of Daily Incidents Created
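As an added example (not the post's own script; the post's method is not reproduced here), this is one way to pull the incidents created in the last 24 hours from the SecurityIncident table and mail them as an HTML table. It assumes the Az.Accounts and Az.OperationalInsights modules, an already authenticated session (Connect-AzAccount), and placeholder values for the workspace ID, addresses and SMTP server. The two points worth noticing are that SecurityIncident stores one row per change to an incident, so the query has to collapse to the latest row per IncidentNumber, and that incident titles are built from alert names and entity data that an attacker can influence, so every field is HTML-encoded before it lands in a mail body.

```powershell
# Added example, not the post's script. Placeholders: adjust before use.
param(
    [string]$WorkspaceId = '00000000-0000-0000-0000-000000000000',  # placeholder workspace ID
    [string]$To          = 'soc@example.com',                        # placeholder
    [string]$From        = 'sentinel-reports@example.com',           # placeholder
    [string]$SmtpServer  = 'smtp.example.com'                        # placeholder
)

# SecurityIncident keeps a row for every modification of an incident. Take the
# latest row per incident first, then keep the ones created in the last day.
$query = @'
SecurityIncident
| summarize arg_max(LastModifiedTime, *) by IncidentNumber
| where CreatedTime > ago(1d)
| project IncidentNumber, Title, Severity, Status,
          Owner = tostring(Owner.assignedTo), CreatedTime, IncidentUrl
| order by CreatedTime desc
'@

function ConvertTo-IncidentHtml {
    param([object[]]$Incidents)
    if (-not $Incidents -or $Incidents.Count -eq 0) {
        return '<p>No new incidents were created in the last 24 hours.</p>'
    }
    $sb = [System.Text.StringBuilder]::new()
    [void]$sb.Append('<table border="1"><tr><th>#</th><th>Title</th><th>Severity</th><th>Status</th><th>Owner</th><th>Created (UTC)</th></tr>')
    foreach ($i in $Incidents) {
        # Titles and owners are attacker-influenced text (alert names, entity data).
        # Encode them so a crafted title cannot inject markup into the mail.
        $title = [System.Net.WebUtility]::HtmlEncode([string]$i.Title)
        $owner = [System.Net.WebUtility]::HtmlEncode([string]$i.Owner)
        $url   = [System.Net.WebUtility]::HtmlEncode([string]$i.IncidentUrl)
        [void]$sb.Append("<tr><td><a href=""$url"">$($i.IncidentNumber)</a></td><td>$title</td><td>$($i.Severity)</td><td>$($i.Status)</td><td>$owner</td><td>$($i.CreatedTime)</td></tr>")
    }
    [void]$sb.Append('</table>')
    return $sb.ToString()
}

# A two-day query window is enough to cover every row of an incident created
# within the last day.
$result    = Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceId -Query $query -Timespan (New-TimeSpan -Days 2)
$incidents = @($result.Results)
$html      = ConvertTo-IncidentHtml -Incidents $incidents

Send-MailMessage -To $To -From $From -SmtpServer $SmtpServer -UseSsl `
    -Subject "Azure Sentinel: $($incidents.Count) incident(s) created in the last 24 hours" `
    -Body $html -BodyAsHtml
```

Schedule it with a task that runs under an identity that has only Log Analytics Reader on the workspace; the script never needs write access to Sentinel.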
Updating the Kerberos decryption key for the Azure AD SSO computer account is a fairly simple process. In this blog post I walk through the steps to perform an update of the Kerberos decryption key.
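As an added example (not the post's walkthrough), the rollover itself with the AzureADSSO module that ships with Azure AD Connect, run in an elevated session on the Azure AD Connect server. The module path, the use of the ActiveDirectory RSAT module to read the account's password age, and the 30-day threshold are assumptions; the threshold follows the usual guidance that the AZUREADSSOACC computer account's Kerberos key should be rolled at least every 30 days, since anyone holding that key can forge tickets for Seamless SSO.

```powershell
# Added example, not the post's steps. Run elevated on the Azure AD Connect server.
# Assumes the AzureADSSO module at the default install path and the ActiveDirectory
# RSAT module for Get-ADComputer.
Import-Module 'C:\Program Files\Microsoft Azure Active Directory Connect\AzureADSSO.psd1'

# Prompts for an Azure AD Global Administrator account.
New-AzureADSSOAuthenticationContext

# Status comes back as JSON; it shows whether Seamless SSO is enabled and for which forests.
$status = Get-AzureADSSOStatus | ConvertFrom-Json
$status

# How old is the current key? The AZUREADSSOACC account's Kerberos key is what an
# attacker needs to mint tickets for Azure AD SSO, so its age is the thing to watch.
$acc     = Get-ADComputer -Identity 'AZUREADSSOACC' -Properties PasswordLastSet
$ageDays = ((Get-Date) - $acc.PasswordLastSet).Days
"AZUREADSSOACC key last set $($acc.PasswordLastSet) ($ageDays days ago)"

$maxKeyAgeDays = 30   # assumed threshold
if ($ageDays -ge $maxKeyAgeDays) {
    # Prompts for on-premises Domain Administrator credentials (DOMAIN\user form).
    # Run once per AD forest that has Seamless SSO enabled.
    $onPremCreds = Get-Credential -Message 'Domain Administrator for the on-premises forest'
    Update-AzureADSSOForest -OnPremCredentials $onPremCreds

    # Confirm the key actually changed.
    (Get-ADComputer -Identity 'AZUREADSSOACC' -Properties PasswordLastSet).PasswordLastSet
}
```

Treat the Azure AD Connect server as a Tier 0 asset when doing this: both the Global Administrator and the Domain Administrator credentials are entered on it.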
With the recent warning about a new vulnerability (CVE-2020-10713) that's being called BootHole, some customers may want to monitor the MBAM/Bitlocker logs, as there's no real protection against the flaw yet, and, in doing so, may also want to provide notifications through analysis, which is a perfect situation for Azure Sentinel. However, there's a … Continue reading Adding MBAM/Bitlocker Logs to Azure Sentinel
There's an almost unlimited number of actions you can take utilizing Playbooks (Logic Apps) in Azure Sentinel. You can attach a Playbook to an Analytics Rule to automate reaction to an alert or you can run Playbooks manually inside the details of an Incident. For example, as part of my own Azure Sentinel investigations, I … Continue reading Building the Azure Sentinel Toolbox: Threat Analytics Search Browser Plug-in
Look, I realize this is not an Azure Sentinel-related blog post from me (which is rare, I know), but I came across a nugget of value today that I thought would be excellent to share. Talking with one of my favorite CSAMs, she just casually glossed over something that she does regularly (and is brilliant … Continue reading Tip: Setting a Delay on Sending Outlook Emails
I was recently assisting a group of students with a project for the Sentinel Hackathon. We came up with the idea to create alerts and dashboards based on Suspicious Activity Reports. The following example will demonstrate how Microsoft Forms responses can be sent to Log Analytics using a Logic App for further analysis. The solution … Continue reading Visualize Microsoft Forms results in Log Analytics
IE Mode on Microsoft Edge provides compatibility for legacy sites that require Internet Explorer 11. IE Mode enables users to access modern and legacy sites using a single browser. Users no longer need to switch between browsers to access legacy intranet sites. IE mode supports ActiveX controls such as Java and Silverlight, and it also supports Internet Explorer settings and group policies that affect Protected Mode and security zone settings. In part one of this two-part series, I will configure IE Mode using Group Policy and Microsoft Intune.
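As an added example (not the post's Group Policy or Intune walkthrough), the same two Edge policies that the GPO sets, written directly under the machine Policies key on a test machine, together with a minimal Enterprise Mode site list. The UNC path and the intranet host name are placeholders. Since IE mode brings back the IE11 engine, and with it ActiveX, for every site on the list, the list should name the specific legacy hosts rather than a wildcard or a whole internal domain.

```powershell
# Added example, not the post's configuration. Placeholders: adjust before use.
$siteListPath = '\\fileserver\EdgePolicy\sites.xml'   # placeholder UNC path Edge will read
$legacyHost   = 'legacyapp.corp.example'              # placeholder intranet host

# Enterprise Mode site list (v2 schema). One entry per legacy host; keep the
# scope tight, because every listed site runs in the IE11 engine with ActiveX.
$siteList = @"
<site-list version="1">
  <site url="$legacyHost">
    <compat-mode>Default</compat-mode>
    <open-in>IE11</open-in>
  </site>
</site-list>
"@
Set-Content -Path $siteListPath -Value $siteList -Encoding UTF8

$edgePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
if (-not (Test-Path $edgePolicy)) { New-Item -Path $edgePolicy -Force | Out-Null }

# InternetExplorerIntegrationLevel: 1 = IE mode, 0 = disabled.
Set-ItemProperty -Path $edgePolicy -Name 'InternetExplorerIntegrationLevel'    -Value 1 -Type DWord
Set-ItemProperty -Path $edgePolicy -Name 'InternetExplorerIntegrationSiteList' -Value $siteListPath -Type String

# Verify what Edge will pick up (edge://policy shows the same values after a reload).
Get-ItemProperty -Path $edgePolicy |
    Select-Object InternetExplorerIntegrationLevel, InternetExplorerIntegrationSiteList
```

The site list file should be writable only by the people who administer the policy: whoever can edit it decides which sites get the IE11 engine.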