How to Monitor Compliant and Non-compliant Systems for Zerologon Using Azure Sentinel

In August 2020, we released security updates to resolve a vulnerability (CVE-2020-1472, "Zerologon") for all affected systems. With the August or September security updates deployed on domain controllers, domain controller, trust and Windows machine accounts are protected. However, for those organizations that want to monitor for systems that are either compliant or non-compliant, and find those systems that might …
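As an added example that is not part of the original post, here is a KQL hunting query for the kind of monitoring the post describes. It assumes the domain controllers' System log is collected into the workspace's Event table (Log Analytics agent) and that the events carry the provider name NETLOGON; the account-name extraction from RenderedDescription is likewise an assumption about the message text. Event IDs 5827 to 5831 are the ones Microsoft's guidance for CVE-2020-1472 (KB4557222) documents for patched domain controllers.

```kql
// Added example, not code from the original post. Surfaces the Netlogon events that a
// domain controller writes to its System log once the August 2020 (or later) update for
// CVE-2020-1472 is installed. Every account named in these events tried to use the
// vulnerable Netlogon secure channel, so it is a non-compliant system to fix; "Outcome"
// tells you whether the DC blocked it (enforcing) or still let it through (exposure).
// Assumptions: System log collected into the Event table, provider name "NETLOGON", and
// the account appears in RenderedDescription as "SamAccountName: <name>" (extract()
// returns an empty string if the text differs).
let lookback = 7d;
let NetlogonMeaning = datatable(EventID:int, Outcome:string, Meaning:string)
[
    5827, "denied",  "Machine account attempted a vulnerable secure channel; DC refused it",
    5828, "denied",  "Trust account attempted a vulnerable secure channel; DC refused it",
    5829, "allowed", "Vulnerable secure channel allowed (account not yet under enforcement)",
    5830, "allowed", "Vulnerable secure channel allowed by the allow-list group policy (machine account)",
    5831, "allowed", "Vulnerable secure channel allowed by the allow-list group policy (trust account)"
];
Event
| where TimeGenerated > ago(lookback)
| where Source == "NETLOGON" and EventID in (5827, 5828, 5829, 5830, 5831)
| join kind=inner NetlogonMeaning on EventID
// Assumed message format; adjust the pattern if your events render differently.
| extend Account = extract(@"SamAccountName:\s*(\S+)", 1, RenderedDescription)
| summarize Events = count(), LastSeen = max(TimeGenerated)
    by Computer, Account, EventID, Outcome, Meaning
// Any DC that appears here has the update installed. A DC that never logs these events in
// the window is either unpatched or not forwarding its System log, and must be checked separately.
| order by Outcome asc, Computer asc, EventID asc
| project DomainController = Computer, Account, EventID, Outcome, Meaning, Events, LastSeen
```

Run it from the Logs blade to build the compliant/non-compliant picture; to alert on remaining exposure, turn the same query into a scheduled analytics rule with an added `| where Outcome == "allowed"`, since the "denied" rows show enforcement working while the "allowed" rows are the systems still able to abuse the vulnerable protocol.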

On-Demand Azure Sentinel Video Resources from Microsoft Ignite

Yesterday, I noted the Azure Sentinel Sessions to Watch for During Microsoft Ignite. Most of the sessions I alerted you to are now available for on-demand replay. Here they are:
- Detect Unknown Threats with User and Entity Behavioral Analytics in Azure Sentinel – On-demand
- Architecting SecOps for Success: Best Practices for Deploying Azure Sentinel – On-demand
- Architecting SecOps for …

Azure Sentinel Sessions to Watch for During Microsoft Ignite

If you're attending our first virtual-only Microsoft Ignite this year and want some great sessions on Azure Sentinel, here's my list of top content to consume. Improve SecOps with Azure Sentinel, your Cloud-Native SIEM: https://myignite.microsoft.com/sessions/2d7215b6-f3ef-41dc-9a03-c074889b7760 Today more than ever, Security Operations Centers are tasked with modernizing threat response and improving efficiency. See the latest innovations …

Getting Guidance for Setting a Security Baseline for Your Azure Sentinel Environment

We recently released some guidance on setting a good baseline for security best practices for Azure Sentinel. I know some of you have found it, but I think it's worth documenting and highlighting so more people know about it. As much as this is a security component, generally the SOC doesn't deal with this information …

How to Connect Azure Kubernetes to Azure Sentinel

Not surprisingly, I had a couple of customers and someone on Twitter ask recently how they could use Azure Sentinel to query and monitor Azure Kubernetes Service and its containers. It's early days for me as I start to test and expose the security events that are available in the data that is ingested, …

How to Automate the Backup of Azure Sentinel Tables to Blob Storage Using PowerShell

Not too long ago I wrote a blog post describing how to use Cloud Shell to create Export Rules that automate the backup of Azure Sentinel tables to Blob storage for long-term retention. This is useful for those organizations that need to store data, due to policy, for longer than the 2-year maximum Log Analytics retention …

How to Automate the Backup of Azure Sentinel Tables to Long-term Storage Using Cloud Shell

Azure Sentinel customers with specific policies around data retention, and a need to retain data longer than Log Analytics allows, are interested in knowing how to move their Azure Sentinel tables to long-term storage. In a recent blog post, Matt Lowe talked about how to Move Your Azure Sentinel Logs to Long-Term Storage with …

How to Add Geographical Data for IP Addresses to an Azure Sentinel Incident

We have a Playbook out on the official GitHub Repo that queries the IP-API.com website with IP addresses and then writes the geographical information to an Incident's Tags. This is useful, but it has proven too limiting: IP-API returns far more information than an Incident Tag can hold. …

How to Link to Related Workbooks within the Current Azure Sentinel Workbook

Here's a quick one. I had a customer request where they wanted to replicate a capability of another product. In that product, links to related resources within the system are generated automatically. While I can't currently offer auto-generated links, we do have the ability within Workbooks to create custom links to …

Steps to Create a Cost Worthy Azure Sentinel Demo/Testing Environment

Periodically I'm asked about my own demo/testing environment for Azure Sentinel. These questions come from both customers and colleagues alike. I'm asked things like what steps do you follow, which connectors/rules do you enable, and of course, how much does it cost? Because I'm a Microsoft employee, many people think we get carte blanche on Azure services. …