Microsoft Sentinel this Week - Issue #45

Custom data views are important in that each environment is different and each environment’s requirements for security will differ – sometimes greatly. Whether its geographical, business political, or something else, the data that is exposed will alter the perception of the organization’s risk. So, it’s important to expose the right data.

While part/chapter 13 provided a way to build custom views of the data, that data was still populated among all the rest of the data. Now we get to do something with the data. We get to choose exactly what is displayed to afford our security teams the chance to catch things quickly. We can choose to display our custom data, but then handpick everything else.

This is where the Project operator comes into play. Using the Project operator, I can tell the query engine the exact data columns to show. In this case, by the way, Project is pronounced like as in projector.

With the public preview release of our Microsoft Sentinel Health Monitoring capability, this gives customers the ability to monitor more about the tool’s environment than just Data Connectors and ingestion failures. It also provides a way to create alerts when Analytics Rules fail - or partially fail - to fire. The following query can be…

We’ve released into public preview a new feature for Microsoft Sentinel that gives customers tools to enable monitoring of the health of Microsoft Sentinel operations like data connector activity and on scheduled analytics rules’ operation. Enabling this new feature requires a manual operation. To enable Health Monitoring, do this: [1] In the Microsoft Sentinel console,…

I haven’t spent too much time with Sentinel in the past, but there’s nothing like a practical workout to discover how things work. In this article, I discuss how to use Sentinel to visualize information based on events ingested from the Office 365 audit log. If an Azure subscription is available (a pay as you go subscription works nicely), any Microsoft 365 tenant can follow my steps by exploiting the 31-day trial for Microsoft Sentinel.

In this video I will explain how you can manage Microsoft Sentinel by connecting it to a GIT repository.

Concerned about attackers reaching your most sensitive resources without being detected? Considering introducing deception capabilities but not sure where to…

Take your SOC to the next level with Microsoft Teams!

Get Battle-ready by attending our session on the 26th of Jan where Luke Evans and I will walk you through one of the most fantastic solutions ever created for collaboration!

With this post we announce an improvement in the Sign on experience for MSTICPy Notebooks as well as simplification of the content within the “Getting

Scheduled Query Rules API version 2021-08-01 is now available and fully supported, replacing API version 2021-02-01-preview.

Learn about 4 approaches to comprehensive security that help leaders be fearless

Continuous Threat Monitoring for Dynamics 365 is currently in public preview, when it launches in 2022 it will feature a great deal more rules, workbooks, queries and enhancements to get you up and running quickly.

Detects when certutil is used to connect to a public IP. This could indicate abuse of cert util

Create a summary showing which of your Azure AD conditional access policies are preventing the most signins and for what reason

Sentinel Health must be enabled (https://cda.ms/3Fd), but this shows rules that have not executed successfully in the last 24 hours and how many times it failed

Adds a friendly error description to the AADServicePrincipalSignInLogs table for any non successful signins

Find the most attacked hostname behind an Azure App Gateway

Find users that are connecting to internet endpoints via PowerShell commands

Find Azure AD conditional access policies that have no hits for ‘success’ or ‘failure’ over the last month

This report is an overview of the market for modern, intelligent Security Information and Event Management (SIEM) platforms and provides you with a compass to help you to find the solution that…