There’s a newer feature in Log Analytics that you may have missed. This feature makes it much, much easier to share your fantastic KQL query creations with the world and puts the real work on the folks at Microsoft. In the Logs blade in any Log Analytics workspace, under the Share option, there’s a new Share to community option.… READ MORE
Monitoring the ‘Elevate Access Activity’ by Global Admin is a bit tricky operation and so far I have only found it possible with the Microsoft Cloud App Security (MCAS). Last year, I wrote about how you can do it with MCAS. The ultimate solution would be to monitor the activity in Azure Sentinel and, in this blog… READ MORE
Currently, you can’t create a brand new Watchlist using either of these, you can only update existing Watchlists. The reason is that both of these Logic App Connectors rely on JSON and Watchlists only currently support creation using .csv files. So, for now, both of these currently work in the same fashion and provide the… READ MORE
If you have been following me on Twitter or my blog, it’s no secret that I absolutely love Azure Sentinel. It’s on the fastest moving product within the Microsoft Security stack and provides some awesome capabilities. But unfortunately, a lot of people seem to be afraid of it. When you start talking about a ‘SIEM’… READ MORE
For those of you who don’t know Azure Sentinel, Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution.Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. The challenge begins… READ MORE
Microsoft recently released Azure Sentinel, a SIEM service running in the Cloud. Now looking at Sentinel is it not a completely new service it is built upon a lot of existing services in Azure such as Security Center, Log Analytics work space which is being used to query and structure the data underneath. Still it… READ MORE
