Using Microsoft To-do as a Simple Ticketing System for Azure Sentinel

A customer recently asked me to suggest a very simple, cost-effective service ticketing system they could use with Azure Sentinel. The following ended up serving the customer's needs. Microsoft To-do can be a powerful tool for those who like to separate their schedule items from their task lists. For many Office 365 customers, they may …

Resolving Windows Firewall Log Ingestion Problems for Azure Sentinel

This problem has come up enough in the last month or so that it's worth a quick-hit blog post to help folks resolve it. The problem: you enable the Windows Firewall Data Connector in Azure Sentinel, follow the directions, and make sure the Log Analytics agent is installed on the remote system, but the …

Azure Sentinel Daily Task: Data Connectors

This is part of a continuing series in relation to the Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel, which outlines tasks for security analysts. In this article, I'll talk about investigating incidents as part of a daily regimen for an Azure Sentinel analyst. There are deeper discussions and training that are required to get a good …

Azure Sentinel Daily Task: Analytics Rules

This is part of a continuing series in relation to the Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel, which outlines tasks for security analysts. In this article, I'll talk about investigating incidents as part of a daily regimen for an Azure Sentinel analyst. There are deeper discussions and training that are required to get a …

Azure Sentinel Tip for Table Details and Descriptions

I wrote a recent article that covers tips for doing Data Sampling for Azure Sentinel. Data Sampling is a method that allows the Sentinel analyst to figure out where and what data exists in the Log Analytics workspace, helping to hone KQL queries so they produce good results. Read that here if you missed …

Azure Sentinel Daily Task: Hunting Queries and Bookmarks

This is part of a continuing series in relation to the Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel, which outlines tasks for security analysts. In this article, I'll talk about investigating incidents as part of a daily regimen for an Azure Sentinel analyst. There are deeper discussions and training that are required to get a …

Azure Sentinel Daily Task: Investigate Incidents

This is part of a continuing series in relation to the Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel, which outlines tasks for security analysts. In this article, I'll talk about investigating incidents as part of a daily regimen for an Azure Sentinel analyst. There are deeper discussions and training that are required to get a …

Newly Expanded Azure Sentinel Feature for Closing Incidents

Working with Azure Sentinel daily, I see new features added regularly. I deliver a weeklong workshop and POC for Azure Sentinel, and it's rare that I don't discover something new myself during each workshop and then have to learn it and teach it on the fly. But that's a good thing. As with everything in Azure, …

Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel

As more and more customers use Azure Sentinel to view and respond to security alerts and threats within their organization, it becomes more important to set aside some daily, weekly, and monthly tasks to provide care and feeding of the product. This vigilance ensures that operations are consistently at peak performance so analysts can focus on securing …

Manually Importing Updates into WSUS

A question that has been raised by quite a few customers is around importing updates into the SCCM environment that are not available on WSUS but are on Microsoft Update. The steps below will guide you through getting the updates into the environment quickly. As per the CVV articles that are released, …