How to Add Geographical Data for IP Addresses to an Azure Sentinel Incident

We have a Playbook out on the official GitHub Repo that queries the IP-API.com website with IP addresses and then writes the geographical information to an Incident's Tags. This is useful, but it's been found to be too limiting based on the amount of information IP-API returns versus how little data a Tag can hold. …

How to Query HaveIBeenPwned Using an Azure Sentinel Playbook

I've known Troy Hunt for a number of years and his contributions to the security and privacy industry have been hugely valuable and much appreciated by the masses. HaveIBeenPwned is a great resource developed and maintained by Troy. It provides the ability to query against its database to expose domains or user accounts that have …

Download and Backup Your Azure Sentinel Playbooks

You may have noticed that depending on the existence (or non-existence) of certain connectors, you're not able to export certain Playbooks (Logic Apps). You may see an error message similar to that in the next image. (Image: Logic App Export) Some would like to still be able to back up their Logic Apps, but in my …

Using Microsoft To-do as a Simple Ticketing System for Azure Sentinel

A customer recently wanted me to suggest a very simple, cost-worthy service ticketing system they could use with Azure Sentinel. The following ended up serving the customer's needs. Microsoft To-do can be a powerful tool for those that like to separate their schedule items from their task lists. For many Office 365 customers, they may …