Download and Backup Your Azure Sentinel Playbooks

You may have noticed that, depending on which connectors a Playbook (Logic App) uses, you can't export certain Playbooks from the portal. You may see an error message similar to the one in the following image (Logic App Export). Some would still like to be able to back up their Logic Apps, but in my …
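One way to back up Playbooks when the portal's ARM export fails is to pull each workflow's definition and parameters through the Az.LogicApp module and save them as JSON. The script below is an added example, not the post's own method; it assumes the Az.Accounts and Az.LogicApp modules are installed, that you have already run Connect-AzAccount, and that $ResourceGroup and $BackupRoot are placeholders you supply.

```powershell
# Added example (not from the post): save every Logic App in a resource group
# as definition + parameters JSON using the Az.LogicApp module.
# Assumptions: Az.Accounts and Az.LogicApp installed, Connect-AzAccount done;
# $ResourceGroup and $BackupRoot are placeholders.
param(
    [Parameter(Mandatory)] [string] $ResourceGroup,
    [string] $BackupRoot = (Join-Path $PWD 'playbook-backup')
)

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

foreach ($app in Get-AzLogicApp -ResourceGroupName $ResourceGroup) {
    # Definition is a JToken; ToString() renders it as indented JSON.
    $definition = [string]$app.Definition

    # Parameters carry the $connections block that references API connection
    # resources. Those connections are separate resources and have to be
    # recreated and re-authorised when the Playbook is restored elsewhere.
    $parameters = ConvertTo-Json -InputObject $app.Parameters -Depth 20

    $safeName = $app.Name -replace '[^\w\-.]', '_'
    Set-Content -Path (Join-Path $outDir "$safeName.definition.json") -Value $definition -Encoding UTF8
    Set-Content -Path (Join-Path $outDir "$safeName.parameters.json") -Value $parameters -Encoding UTF8
    Write-Host "Backed up $($app.Name) (state: $($app.State)) to $outDir"
}
```

The saved files can be fed back with Set-AzLogicApp (or New-AzLogicApp) via -DefinitionFilePath and -ParameterFilePath. Treat the backup directory as sensitive: parameter files can contain connection resource IDs and, in some Playbooks, secrets the author placed in parameters.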

Export and Backup Azure Sentinel Tables Using this PowerShell Script

I've worked with several customers recently who still like to be able to work offline to some extent. It's been part of their normal processes for a long while and has become partly a habit from working with legacy, on-premises security tools for so long. I try to teach better ways to modernize the processes …

Add Reviewer From Self-Service Portal in System Center Service Manager

While using System Center Service Manager, we receive several requests from customers that need to be translated into features. One of the most common requests I receive is how to let users select and add Reviewers to a Review Activity from the Self-Service Portal when they fill in a service request form. This scenario would handle several cases such …

Azure Sentinel: Sending an Email Each Morning with the List of Daily Incidents Created

Overnight you may have noticed that our new SecurityIncident table was finally released out of preview. The data contained in this new table is part of a huge ask by customers. It gives Azure Sentinel analysts the ability to query against Security Incident data and generate Workbooks and reports based on the data. I've been …
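The post itself builds the daily email with a Logic App; the script below is an added example, not the post's code, that shows the query side from PowerShell: list the incidents created in the last 24 hours from the SecurityIncident table and save them as CSV, which also covers the offline-export use case from the "Export and Backup Azure Sentinel Tables" post above. It assumes the Az.Accounts and Az.OperationalInsights modules, a prior Connect-AzAccount, and that $WorkspaceId (the Log Analytics workspace GUID) and $OutFile are placeholders. The caveat worth knowing: SecurityIncident stores one row per update to an incident, so without deduplication the same incident is listed several times.

```powershell
# Added example (not from the post): query SecurityIncident for incidents
# created in the last 24 hours, deduplicate, show them and export to CSV.
# Assumptions: Az.Accounts + Az.OperationalInsights installed, Connect-AzAccount
# done; $WorkspaceId and $OutFile are placeholders.
param(
    [Parameter(Mandatory)] [string] $WorkspaceId,
    [string] $OutFile = "incidents-$(Get-Date -Format 'yyyy-MM-dd').csv"
)

# SecurityIncident has one row per modification of an incident, so the same
# IncidentNumber appears repeatedly; arg_max keeps only the latest row each.
$query = @'
SecurityIncident
| where CreatedTime > ago(24h)
| summarize arg_max(LastModifiedTime, *) by IncidentNumber
| project IncidentNumber, Title, Severity, Status, CreatedTime, LastModifiedTime, IncidentUrl
| order by CreatedTime desc
'@

$result    = Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceId -Query $query
$incidents = @($result.Results)

if ($incidents.Count -eq 0) {
    Write-Host 'No incidents created in the last 24 hours.'
} else {
    $incidents | Format-Table IncidentNumber, Severity, Status, Title -AutoSize
    $incidents | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
    Write-Host "$($incidents.Count) incident(s) written to $OutFile"
}
```

The same KQL can be pasted into the Logic App's "Run query and list results" action; the arg_max step is the part most often missed when the email shows duplicate incidents.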

Adding MBAM/Bitlocker Logs to Azure Sentinel

With the recent warning about a new vulnerability (CVE-2020-10713), which is being called BootHole, some customers may want to monitor the MBAM/BitLocker logs, as there's no real protection against the flaw yet, and, in doing so, may also want to provide notifications through analytics, which is a perfect situation for Azure Sentinel. However, there's a …

Building the Azure Sentinel Toolbox: Threat Analytics Search Browser Plug-in

There's an almost unlimited number of actions you can take utilizing Playbooks (Logic Apps) in Azure Sentinel. You can attach a Playbook to an Analytics Rule to automate reaction to an alert or you can run Playbooks manually inside the details of an Incident. For example, as part of my own Azure Sentinel investigations, I …

Visualize Microsoft Forms results in Log Analytics

Suspicious Activity Report

I was recently assisting a group of students with a project for the Sentinel Hackathon. We came up with the idea to create alerts and dashboards based on Suspicious Activity Reports. The following example will demonstrate how Microsoft Forms responses can be sent to Log Analytics using a Logic App for further analysis. The solution …

Microsoft Edge: Configure IE Mode (Part 1)

IE Mode on Microsoft Edge provides compatibility for legacy sites that require Internet Explorer 11. IE Mode enables users to access modern and legacy sites using a single browser. Users no longer need to switch between browsers to access legacy intranet sites. IE mode supports ActiveX controls such as Java and Silverlight, and it also supports Internet Explorer settings and group policies that affect Protected Mode and security zone settings. In part one of this two-part series, I will configure IE Mode using Group Policy and Microsoft Intune.
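The Group Policy and Intune settings the post configures end up as two registry values under the Edge policy key plus an enterprise site list. The script below is an added example, not the post's own steps, that writes those values locally and generates a minimal site list so you can see what the policy actually does. It assumes an elevated PowerShell session; $SiteListUrl, $SiteListOut and the host names in the list are placeholders.

```powershell
# Added example (not from the post): set Edge IE mode policies in the registry
# and generate a minimal Enterprise Mode site list (v2 schema).
# Assumptions: run elevated; $SiteListUrl, $SiteListOut and the site entries
# are placeholders.
param(
    [string] $SiteListUrl = 'https://intranet.example.com/sitelist.xml',
    [string] $SiteListOut = 'C:\EdgeSiteList\sitelist.xml'
)

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
New-Item -Path $policyKey -Force | Out-Null

# InternetExplorerIntegrationLevel 1 = "IEMode": only sites on the site list
# open in IE mode; everything else stays on the Chromium engine. This keeps
# the legacy engine (ActiveX, security zones) confined to the hosts that need it.
Set-ItemProperty -Path $policyKey -Name 'InternetExplorerIntegrationLevel' -Value 1 -Type DWord

# Where Edge fetches the site list (HTTPS URL, local path or UNC path).
Set-ItemProperty -Path $policyKey -Name 'InternetExplorerIntegrationSiteList' -Value $SiteListUrl -Type String

# Minimal v2 site list. List individual legacy hosts, not a whole corporate
# domain suffix, so that IE mode is not exposed to every internal site.
$siteList = @"
<site-list version="1">
  <created-by>
    <tool>PowerShell example</tool>
    <version>1.0</version>
    <date-created>$(Get-Date -Format 'MM/dd/yyyy HH:mm:ss')</date-created>
  </created-by>
  <site url="legacyapp.intranet.example.com">
    <compat-mode>IE8Enterprise</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <site url="reports.intranet.example.com/oldportal">
    <compat-mode>Default</compat-mode>
    <open-in>IE11</open-in>
  </site>
</site-list>
"@
New-Item -ItemType Directory -Path (Split-Path $SiteListOut) -Force | Out-Null
Set-Content -Path $SiteListOut -Value $siteList -Encoding UTF8

# Show what Edge will read; edge://policy in the browser reports the same values.
Get-ItemProperty -Path $policyKey |
    Select-Object InternetExplorerIntegrationLevel, InternetExplorerIntegrationSiteList
```

When the list is published, bump the version attribute on every change; Edge only refreshes a cached list when the version increases.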