Microsoft Sentinel
- Hunting with Microsoft Graph activity logs
- What's new: Multi-tenancy in the unified security operations platform experience in Public Preview
- Comprehensive coverage and cost-savings with Microsoft Sentinel’s new data tier
- Revolutionizing log collection with Azure Monitor Agent
- Microsoft Sentinel & Cyberint Threat Intel Integration Guide
- Frequently asked questions about the unified security operations platform
- Enhancing Security Monitoring: Integrating GitLab Cloud Edition with Microsoft Sentinel
- Microsoft Sentinel All-In-One now available for Azure Government
- Unified Security Operations Platform - Technical FAQ!
- What's new: Run playbooks on incidents on-demand going GA in unified platform
- Using Cribl Stream to ingest logs into Microsoft Sentinel
- Introducing SOC Optimization API
- What's New: Create your own codeless data connector
- Debugging Playbooks
- Public Preview: Log Analytics Workspace Replication
- Configuring archive period for tables at Mass for Data Retention within Log Analytics Workspace
- PART 3 - Ingesting AWS GovCloud Microsoft Sentinel in Azure Commercial
- SOC optimization: unlock the power of precision-driven security management
- Microsoft Sentinel: Delivering value to your SOC
- Send data to Microsoft Sentinel using Cribl Stream
- Examining the Deception infrastructure in place behind code.microsoft.com
- Setting up Sentinel for Kubernetes Monitoring
- Ingesting Non-Microsoft Cloud Security Data into Microsoft Sentinel for Gov & DIB customers part 2
- Ingesting Non-Microsoft Cloud Security Data into Microsoft Sentinel for Government & DIB Customers
- Enhance the ingestion of AWS CloudWatch logs into Microsoft Sentinel with AWS Lambda
- [What's New] Easily migrate to Microsoft Sentinel with the new SIEM migration experience
- Create Codeless Connectors with the Codeless Connector Builder (Preview)
- How to Set Up Sentinel Data Connectors for Kubernetes and GitHub
- Monitoring Kubernetes Clusters, Image Build Environment and Container Registries with Sentinel
- Upcoming Content Hub AMA supported Data Connectors
- Create Tasks Repository in Microsoft Sentinel
- What's New: CrowdStrike Falcon Data Replicator V2 Data Connector is now Generally Available!
- Unleash the full potential of User and Entity Behavior Analytics with our updated workbook
- Querying Watchlists
- Leveraging CEF with Azure Monitor Agent (AMA) for GCP-Hosted Fortinet Firewall and Syslog Forwarder,
- Use Azure DevOps to manage Sentinel for MSSPs and Multi-tenant Environments
- Become a Microsoft Unified SOC Platform Ninja
- Identifying Adversary-in-the-Middle (AiTM) Phishing Attacks through 3rd-Party Network Detection
- Microsoft Sentinel: Public preview of Microsoft Defender for Cloud to Defender XDR integration
- Sentinel's Enrichment Widgets: Elevating Cybersecurity Intelligence with Microsoft
- Microsoft Sentinel Partner Solution Contributions update - Ignite 2023
- Introducing a Unified Security Operations Platform with Microsoft Sentinel and Defender XDR
- Architecture Guidance: How to ingest GCP Firewall\VPC logs into Microsoft Sentinel
- What’s New: Introducing Microsoft Sentinel Web Session Essentials Solution.
- Fortifying Your Defenses: How Microsoft Sentinel Safeguards Your Organization from BEC Attacks
- Accelerating Zero Trust Alignment with Microsoft Sentinel
- Microsoft Sentinel's new incident experience is generally available!
- Introducing Microsoft Sentinel Optimization Workbook
- Manage Access to Microsoft Sentinel Workbooks with Lower Scoped RBAC
- Help Protect your Exchange Environment With Microsoft Sentinel
- Automate tasks management to protect your organization against threats
- Taking Entity Investigation to the Next Level: Microsoft Sentinel’s Upgraded Entity Pages
- Future Proof your SOC with the Power of the Azure Ecosystem and Defender Threat Intelligence
- Introducing the new Microsoft Sentinel simplified pricing.
- [What’s New] Microsoft Sentinel Content Hub GA and OOTB Content Centralization
- Detect threats on your Power Platform based no-code/low-code applications with Microsoft Sentinel
- What’s new: Monitor and optimize the execution of your scheduled analytics rules
- What's new: Microsoft Sentinel Solution for Dynamics 365 Finance and Operations
- Deep dive into Microsoft Sentinel’s new Overview dashboard
- Split Microsoft Sentinel Tables with Multi-Destination Data Collection Rules
- Introducing the Microsoft Sentinel Triage Assistant (STAT)
- NCS Case Study - End-to-End Integration of Custom BYOML model with Sentinel
- Revolutionize your SAP Security with Microsoft Sentinel's SOAR Capabilities
- Create, Edit, and Monitor Data Collection Rules with the Data Collection Rule Toolkit
- Announcing Public Preview of Microsoft Sentinel in Azure China 21Vianet
- What’s New: Introducing Microsoft Sentinel DNS Essentials solutions.
- RSAC 2023: Microsoft Sentinel empowering the SOC with next-gen SIEM
- Announcing Microsoft Sentinel All-in-One v2
- Advanced Workbook Concepts with Workbooks 202
- What's new with Microsoft Sentinel at Secure
- What’s new: Sentinel Solution for SAP BTP
- What’s New: Introducing Microsoft Sentinel Network Session Essentials solution
- [Coming soon] Microsoft Sentinel out-of-the-box content centralization!
- Tutorial: Get started with Azure WAF investigation Notebook
- ACSC Essential 8 – Health Report in Microsoft Sentinel
- Anomaly detection and Explanation with Isolation Forest and SHAP using Microsoft Sentinel Notebooks
- Designs for Accomplishing Microsoft Sentinel Scalable Ingestion
- What’s new: Monitor the health and audit the integrity of your analytics rules.
- Detect capture-replay vulnerabilities & exploits with the Sentinel solution for SAP® applications
- [What's New] Extract Actionable Intelligence from Text-based Threat Intel using Sentinel Notebook
- The new incident experience is here!
- Microsoft Sentinel Solution for SAP® Applications - New data exfiltration detection rules
- What’s New: Fusion Incident Investigation Notebook
- A Look at Different Options for Storing and Searching Sentinel Archived Logs
- Switching to Key Vault Secrets usage for Function App based Microsoft Sentinel Data Connectors
- MSTICPy Hack Month - February 2023
- What's New: More NEW Microsoft Sentinel SOAR solutions
- Azure Active Directory Identity Protection user account enrichments removed: how to mitigate impact
- What’s new: Run playbooks on entities on-demand
- Arm Your Microsoft Sentinel Platform with Industry-Leading Cyber Threat Intelligence from CYFIRMA
- [What’s New] Introducing Standalone and OOTB content management at-scale actions
- What’s New: 250+ Solutions in Microsoft Sentinel Content hub!
- What's New: Introducing Microsoft Sentinel solution for ServiceNow bi-directional sync
- Architectural Guidance – Azure Monitor private links with Microsoft Sentinel
- Dynamic alert details - The force awakens
- What’s new: Incident tasks
- What’s new: Monitor the health of your automation rules and playbooks
- Update to Microsoft Sentinel’s Technical Playbook for MSSPs is now available (v1.5.1)
- Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Security Information and Event
- Upcoming changes to the CommonSecurityLog table
- What's New in Sentinel Threat Hunting
- Microsoft Sentinel: What's New at Microsoft Ignite
- UEBA Essentials solution now available in Content Hub!
- Public preview announcement: Defender for IOT solution for Microsoft Sentinel
- Announcing the enhanced Microsoft Sentinel AWS CloudTrail solution, powered by new MITRE-Based Rules
- Anomaly detection on the SAP audit log using the Microsoft Sentinel for SAP solution
- IoT Entity Page - Enhance IoT/OT Threat Monitoring in Your SOC with Sentinel and Defender for IoT
- Data Collection Rules Creation Impacting Sentinel UEBA ML Model
- Introduction to Machine Learning Notebooks in Microsoft Sentinel
- Microsoft Sentinel customizable machine learning based anomalies is Generally Available
- Create and delete incidents in Microsoft Sentinel
- Power of Threat Intelligence sprinkled across Microsoft Sentinel
- Troubleshoot Amazon Web Services S3 connector issues
- Enabling AD FS Security Auditing 📡 and Shipping Event Logs to Microsoft Sentinel 🛡️
- What's New: SOC Process Framework is Now Live in Content Hub!
- Hunting for Teams Phishing with Microsoft Sentinel, Defender, Microsoft Graph and MSTICPy
- Azure resource entity page - your way to investigate Azure resources
- New ingestion-SampleData-as-a-service solution, for a great Demos and simulation
- Detect Masqueraded Process Name Anomalies using an ML notebook
- Hunting for Low and Slow Password Sprays Using Machine Learning
- Bring Threat Intelligence from Kaspersky using TAXII data connector
- Protect critical information within SAP systems against cyberattacks
- New Threat Intelligence features in Microsoft Sentinel
- Intro to KQL Workbook - Summer Update
- Discover the power of UEBA anomalies in Microsoft Sentinel
- Microsoft Sentinel Solution for Dynamics 365 News – New OOB analytics rules templates available now!
- Microsoft Sentinel Automation Tips & Tricks – Part 3: Send email notification options
- What's New in Notebooks - MSTICPy v2.0.0
- Microsoft Sentinel Automation Tips & Tricks – Part 2: Playbooks
- Deploying Microsoft Sentinel Threat Monitoring for SAP agent into an AKS/Kubernetes cluster
- What’s new: Centrally manage automated response to alerts with automation rules
- Become a Microsoft Sentinel Automation Ninja!
- Import Anomali ThreatStream Feed into Microsoft Sentinel
- Migration to Microsoft Sentinel made easy
- Microsoft Sentinel Automation Tips & Tricks – Part 1: Automation rules
- Correlating Microsoft Defender for Cloud alerts in Sentinel
- Microsoft Threat Intelligence Matching Analytics: IP Detections
- I'm Being Attacked, Now What?
- Import Pulsedive Feed into Microsoft Sentinel
- Plan, Track, and Configure Your Microsoft Sentinel Deployment/Migration with This New Workbook
- Announcing the Microsoft Sentinel Hackathon Spring 2022 winners
- Celebrating the Microsoft Sentinel Ecosystem at RSAC 2022
- Analytic rules - 'Sentinel entities' new entity type
- Using Forcepoint NGFW advanced workbook to gain deep security analytics and insights
- Guided Hunting Notebook: Azure Resource Explorer
- What’s new: Automate full incident lifecycle with incident update triggers
- Export Historical Log Data from Microsoft Sentinel
- What’s new: incident expansion – relate alerts to incidents
- Import ReversingLab’s Ransomware Feed into Microsoft Sentinel
- Announcing the Microsoft Sentinel: NIST SP 800-53 Solution
- What's new: Similar incidents in Microsoft Sentinel
- Automating bulk onboarding of Azure IaaS and PaaS resources into Microsoft Sentinel
- Search, Investigate, & Respond to Indicators of Compromise with the Threat Intelligence Workbook
- What’s new: Closer integration between Microsoft Sentinel and Microsoft 365 Defender
- Microsoft Sentinel – Continuous Threat Monitoring for GitHub New OOTB Content
- Bring Threat Intelligence from SEKOIA.IO using TAXII data connector
- Unleash the Power of Modern SecOps with Microsoft Sentinel SOAR
- Microsoft Sentinel for SAP News - Dynamic SAP Security Audit Log Monitor feature available now!
- What's new: Power-up automation with Logic Apps Standard
- Using Microsoft Teams Adaptive Cards to enhance incident response in Microsoft Sentinel
- Export Microsoft Sentinel Playbooks or Azure Logic Apps with Ease
- Transferring Microsoft Sentinel scheduled alert rules between different workspaces using PowerShell
- New watchlist actions available for watchlist automation using Microsoft Sentinel SOAR
- Announcing the Microsoft Sentinel: Cybersecurity Maturity Model Certification (CMMC) 2.0 Solution
- Use the bulk update feature with Microsoft Sentinel Watchlists
- Announcing the search and filter UI enhancements in Watchlists
- Next Evolution of the Microsoft Sentinel Zero Trust (TIC 3.0) Solution
- Microsoft Sentinel Ninja Training - the March 2022 update
- Participate in the Microsoft Sentinel Hackathon Spring 2022!
- Update Microsoft Sentinel VIP Users Watchlist from Azure AD group using playbooks
- Common scenarios using Watchlists (with query examples)!
- How to use Microsoft Sentinel's SOAR capabilities with SAP
- What’s new: Unified Microsoft SIEM and XDR GitHub Community
- Microsoft Sentinel Support for Ingestion-Time Data Transformations
- FAQ: Search, Basic Ingestion, Archive, and Data Restoration
- Configure a continuous data pipeline in Microsoft Sentinel for big data analytics!
- Creating effective NRT detections in Microsoft Sentinel
- Large Watchlist using SAS key is in Public Preview!
- Behind the Scenes: The ML Approach for Detecting Advanced Multistage Attacks with Sentinel Fusion
- Joint forces - MS Sentinel and the MITRE framework
- New! Normalization is now built-in Microsoft Sentinel
- Ingest, Archive, Search, and Restore Data in Microsoft Sentinel
- What’s Next in Microsoft Sentinel?
- Microsoft Sentinel - SAP User Master Data
- Run Microsoft Sentinel playbooks from workbooks on-demand
- What's new: run playbooks on incidents on demand
- Visualize User and App Access Connections in Azure using Jupyter Notebooks in Microsoft Sentinel
- Log sources and analytics rules coverage workbook: see how your tables are being used
- What's New: Consolidating Apache Log4j-related insights across Multiple Tenants and Workspaces
- Microsoft Sentinel – continuous threat monitoring for GitHub
- The Codeless Connector Platform
- Modernize Log Management with the Maturity Model for Event Log Management (M-21-31) Solution
- What's new: Earn your Microsoft Sentinel Black Belt Digital Badge!
- Single Sign On Support for authentication in Microsoft Sentinel Notebooks
- Defending Critical Infrastructure with the Microsoft Sentinel: IT/OT Threat Monitoring Solution
- Get Hands-On KQL Practice with this Microsoft Sentinel Workbook
- What’s New: Detecting Apache Log4j vulnerabilities with Microsoft Sentinel
- Advanced KQL Framework Workbook - Empowering you to become KQL-savvy
- Microsoft Sentinel Jupyter Notebooks knowledge check test
- Microsoft Sentinel - SAP continuous threat monitoring workbooks
- Announcing the Microsoft Sentinel: Zero Trust (TIC3.0) Solution
- MSTICPy Hackathon - January 2022
- Unlock value from your incidents using advanced incident search
- Investigating Suspicious Azure Activity with Microsoft Sentinel
- Microsoft Sentinel - SAP continuous threat monitoring with UEBA entity pages
- Creating your first Microsoft Sentinel Notebook
- Announcing the Microsoft Purview Insider Risk Management Solution
- Microsoft Sentinel: Bring Threat Intelligence from Sectrio using TAXII data connector
- Using Code Snippets to build your own Sentinel Notebooks
- Learning with the Microsoft Sentinel Training Lab
- Announcing the Public Preview of the Microsoft Sentinel Playbook Templates Tab
- Automate more with 200+ OOTB playbooks
- Enable Continuous Deployment Natively with Microsoft Sentinel Repositories!
- Hunt with MITRE ATT&CK techniques using refreshed hunting dashboard
- Customize your hunting experience with MITRE ATT&CK techniques and more entity types
- What’s new: Microsoft Sentinel Deception Solution
- How to use Microsoft Sentinel Near Real Time detections
- Introducing Microsoft Sentinel Content hub!
- Detecting Emerging Threats with Microsoft Sentinel Fusion
- Detection tuning – “Making the tuning process simple - one step at a time.”
- Hunting for potential network beaconing patterns using Apache Spark via Azure Synapse – Part 1
- Security big data analytics with Azure Synapse and Microsoft Sentinel Notebooks!
- Microsoft Sentinel introduces enhancements in machine learning and productivity at Ignite 2021
- Announcing the Azure Sentinel Hackathon 2021 winners!
- Automation: Integrate Azure Data Explorer as Long-Term Log Retention for Microsoft Sentinel
- What’s New: Azure Sentinel Threat Intelligence Workbook
- MITRE ATT&CK technique coverage with Sysmon for Linux
- A Quick Guide on Using Sysmon for Linux in Azure Sentinel
- Automating the deployment of Sysmon for Linux 🐧 and Azure Sentinel in a lab environment 🧪
- Analyzing Endpoints Forensics - Azure Sentinel Connector
- Simple Row-Based Access Workbook: Lab Walk-Through with Azure Sentinel and Azure Data Explorer (ADX)
- The Azure Sentinel Anomalies Simulator
- Querying WHOIS/Registration Data Access Protocol (RDAP) with Azure Sentinel and Azure Functions
- Monitoring Microsoft Sentinel Analytical Rules – Push Health Notifications
- General Availability of Azure Sentinel Threat Intelligence in Public and Azure Government cloud
- Azure Sentinel To-Go! A Linux 🐧 Lab with AUOMS Set Up to Learn About the OMI Vulnerability 💥
- Microsoft Sentinel Notebooks Ninja Part 3: Overview of the Pre-built Notebooks - the Grand List
- Hunting for OMI Vulnerability Exploitation with Azure Sentinel
- Unusual MIRAI variant looks for mining infrastructure
- Microsoft Sentinel Notebooks Ninja Part 2: Getting Started with Microsoft Sentinel Notebooks
- Azure Sentinel Notebooks - Azure cloud support, new visualizations
- Azure Sentinel Information Model Fall Release: Speed & Ease
- What's New: Azure Sentinel - SOC Process Framework 8 Part Video Series!
- Check the health of your exported Microsoft Sentinel logs in your ADX cluster
- Microsoft Sentinel Ninja Training - the Sept 2021 update
- Introducing: Azure Sentinel Data Exploration Toolset (ASDET)
- Alert enrichment "how to reduce incident triage and investigation times using dynamic alert details”
- Becoming a Microsoft Sentinel Notebooks Ninja - The Series!
- Ingestion Cost Spike detection Playbook
- What's new: Microsoft Sentinel Ninja Training Knowledge Check
- What's new: Azure Sentinel new onboarding/offboarding API
- What's new: Incident advanced search is now public!
- What’s new: Fusion Detection for Ransomware
- Azure Sentinel SQL Solution Query Deep-Dive
- What's new: Watchlists templates are now in public preview!
- What's new: ASIM File Activity schema
- Understanding API connections for your Microsoft Sentinel Playbooks
- Microsoft Threat Intelligence Matching Analytics
- Software Defined Monitoring - Using Automated Notebooks and Azure Sentinel to Improve Sec Ops
- What's new: IdentityInfo table is now in public preview!
- What's New: Updated Microsoft Sentinel Documentation July Edition
- Integrating SIEM + XDR: Azure Sentinel and Azure Defender bi-directional incident sync
- What’s New: Azure Sentinel Hunting supports ADX cross-resource queries
- Azure Sentinel Solutions for Partners: Build Combined Value for a Wider Audience
- Watchlist is now Generally Available
- What's new: ASIM Authentication, Process, Registry and enhanced Network schemas
- Testing the New Version of the Windows Security Events Connector with Azure Sentinel To-Go!
- Moving Azure Activity Connector to an improved method
- Join in the Azure Sentinel Hackathon 2021!
- What's New: Microsoft Sentinel Watchlist Support for ARM Templates!
- Enhanced Azure Sentinel Alert remediation in the SOC Process Framework
- What’s New: Azure Sentinel Update Watchlist UI Enhancements
- What's new: Azure Sentinel Information Model DNS Schema and normalized content now public
- Microsoft Defender Security Insights in Azure Sentinel
- Announcing pricing changes to Azure Sentinel and Azure Monitor Log Analytics to help you save costs
- What’s new: customize entity page timeline!
- What’s new: Detect credential leaks using built-in Azure Sentinel notebooks!
- Azure Sentinel PowerShell Module Az.SecurityInsights has been released to GA!
- Who Watches the SOC Team? Enabling Audit/Risk Teams to Monitor the SOC
- Announcing 15+ New Azure Sentinel Data Connectors
- Democratize Machine Learning with Customizable ML Anomalies
- RSA Conference 2021: New innovations for Azure Sentinel
- Introducing Azure Sentinel Solutions!
- What’s new: IP entity page
- What's new: Incident Team - collaborate in Microsoft Teams
- What’s new: Hunting dashboard refresh
- What's New: Fusion Advanced Multistage Attack Detection Scenarios with Scheduled Analytics Rules
- What's New: Azure Sentinel - SOC Process Framework Workbook
- Automate Incident Assignment with Shifts for Teams
- Azure Sentinel Side-by-Side with Splunk via EventHub
- What’s New: Azure Sentinel: Zero Trust (TIC3.0) Workbook
- MSTICPy and Jupyter Notebooks in Azure Sentinel, an update
- Non-interactive logins: minimizing the blind spot
- What’s new: Incident timeline
- How to use Azure Sentinel for Incident Response, Orchestration and Automation
- Group-IB Threat Intelligence and Attribution Connector - Azure Sentinel
- IoT Asset discovery based on FW logs
- Web Shell Threat Hunting with Azure Sentinel
- Best practices for migrating detection rules from ArcSight, Splunk and QRadar to Azure Sentinel
- What’s new: Automation rules
- Monitoring the Software Supply Chain with Azure Sentinel
- What’s new: Alert Enrichment – Custom Details and Entity Mapping
- Whats new: Azure Sentinel and Microsoft 365 Defender incident integration
- Microsoft Ignite 2021: Blob and File Storage Investigations
- Visibility of Azure key vault activity in Sentinel Azure Key Vault Workbook
- Utilize Watchlists to Drive Efficiency During Microsoft Sentinel Investigations
- Microsoft Ignite 2021: What's New in Azure Sentinel
- 30+ New Azure Sentinel Data Connectors
- Jupyter Notebook Pivot Functions
- Handling false positives in Azure Sentinel
- Use Microsoft Azure Sentinel and Anomali Match for actionable threat detection
- What's new: User and Entity Behavior Analytics (UEBA) insights in the entity page!
- The Toolkit for Data-Driven SOCs
- Categorizing Microsoft alerts across data sources in Azure Sentinel
- Bring Remediation Steps into Azure Sentinel
- Migrating QRadar offenses to Microsoft Sentinel
- Automatically disable On-prem AD User using a Playbook triggered in Azure
- What's New: Cybersecurity Maturity Model Certification (CMMC) Workbook in Public Preview
- Centralize your security response with Azure Sentinel & PagerDuty
- Using NXLog to enhance Azure Sentinel’s ingestion capabilities
- Azure Sentinel All-In-One Accelerator
- What’s New: Support for formatted comments and comments editing and deleting!
- Move Your Microsoft Sentinel Logs to Long-Term Storage with Ease
- New Year - New Official Azure Sentinel PowerShell Module!
- Protecting your DocuSign Agreements with Microsoft Sentinel
- Bring Threat Intelligence from IntSights Using TAXII Data Connector
- What’s new: Dedicated clusters for Microsoft Sentinel
- What’s new: Managed Identity for Azure Sentinel Logic Apps connector
- Handling ingestion delay in Azure Sentinel scheduled alert rules
- What's New: Improved Analytics Preview Graph in Public Preview !
- The Ninja Training 2021 edition is out!
- The FAQ companion to the Azure Sentinel Ninja training
- Ingestion Cost Alert Playbook
- Data Connector Health - Push Notification Alerts
- SolarWinds Post-Compromise Hunting with Azure Sentinel
- Microsoft Cloud App Security (MCAS) Activity Log in Azure Sentinel
- What's new: Improvements to the Log Analytics Agent
- Bring threat intelligence from Sixgill using TAXII Data Connector
- How to setup a Canarytoken and receive incident alerts on Azure Sentinel
- What's New: 80 out of the box hunting queries!
- What's New: Azure Sentinel Logic Apps Connector improvements and new capabilities
- Using the VirusTotal V3 API with MSTICPy and Azure Sentinel
- How to export data from Splunk to Azure Sentinel
- Using Azure Data Explorer for long term retention of Microsoft Sentinel logs
- Hunting for Barium using Azure Sentinel
- What's new: Monitoring your Logic Apps Playbooks in Azure Sentinel
- What’s new: Microsoft 365 Defender connector now in Public Preview for Microsoft Sentinel
- What's New: Multiple playbooks to one analytic rule
- Deploying and Managing Azure Sentinel - Ninja style
- New Azure Kubernetes Service (AKS) Security Workbook
- O365 & AAD Multi-Tenant Custom Connector - Azure Sentinel
- Guided UEBA Investigation Scenarios to empower your SOC
- SOC Prime O365 rules and more now offered free, exclusively to Azure Sentinel users
- Announcing the Investigation Insights Workbook
- Expanding Microsoft Teams Log Data in Azure Sentinel
- What’s New: Entity Insights for Convenient Investigation Checks is Now in Public Preview
- Playbooks & Watchlists Part 2: Automate incident response for Deny-list/Allow-list
- Playbooks & Watchlists Part 1: Inform the subscription owner
- What's new: Watchlist is now in public preview!
- Using Jupyter Notebook to analyze and visualize Azure Sentinel Analytics and Hunting Queries
- Aggregating Insider Risk Management Information via Azure Sentinel
- What's new: New Fusion detections and BYOML in public preview!
- What’s New: HTML and Markdown support for incident comment
- Build-Your-Own Machine Learning detections in the AI immersed Azure Sentinel SIEM
- Azure Sentinel To-Go (Part2): Integrating a Basic Windows Lab 🧪 via ARM Templates 🚀
- Watching the Watchers: Monitoring Azure Sentinel Query Activity for Malicious Activity.
- Understanding Microsoft Teams Data Schema in Azure Sentinel - Analyst / Researcher View
- Auditing Microsoft Sentinel activities
- Enriching Windows Security Events with Parameterized Function
- Analysing Web Shell Attacks with Azure Defender data in Azure Sentinel
- What's new: Azure Sentinel User and Entity Behavior Analytics in Public Preview!
- What's New: PowerShell+Azure Sentinel notebooks to supercharge your hunting and investigations!
- What's new: The new Azure Sentinel Notebooks experience is now in public preview!
- What's new: Threat Intelligence menu item in Public Preview!
- Stay ahead of threats with new innovations from Azure Sentinel
- How to align your Analytics with time windows in Azure Sentinel using KQL (Kusto Query Language)
- What's new: Analytics FileHash entity hits GA!
- What’s new: Office 365 Advanced Threat Protection connector in Public Preview
- Microsoft Sentinel Incident Bi-directional sync with ServiceNow
- What’s New: Cross-workspace Analytics Rules
- How to Protect Office 365 with Azure Sentinel
- What’s new: Azure DDoS Protection connector in Public Preview for Azure Sentinel
- What’s new: Microsoft Teams connector in Public Preview
- How to integrate vulnerability management in Azure Sentinel
- What’s New: Azure Firewall Connector in Public Preview!
- Remediate Vulnerable Secure Channel Connections with the Insecure Protocols Workbook
- What’s New: Query line numbering, Azure Sentinel in the schema pane
- MSTIC Notebooklets - Fast Tracking CyberSec Jupyter Notebooks
- Monitoring Azure Kubernetes Service (AKS) with Microsoft Sentinel
- Announcing a new Azure Sentinel GitHub Leaderboard!
- Accelerate your Azure Sentinel Deployment with this Azure DevOps Boards Template
- Guided Hunting Notebook: Base64-Encoded Linux Commands
- Secure your Calls- Monitoring Microsoft TEAMS CallRecords Activity Logs using Azure Sentinel
- Ingesting log files from AWS S3 using AWS Lambda
- Azure Sentinel Insecure Protocols Workbook Reimagined
- What’s new: SOC operational metrics now available in Microsoft Sentinel
- What's new: Azure Sentinel and Microsoft Defender ATP improved alert integration
- Announcing the Azure Sentinel Hackathon winners
- What's New: Incident Auto-refresh hits GA!
- Enrich Azure Sentinel security incidents with the RiskIQ Intelligence Connector
- Azure Sentinel Ninja Training: The July 2020 update
- New Azure Sentinel connectors
- Hunting the Clues- Azure Sentinel Administrative Suspicious Activities Library
- What's New: Cross Workspace Hunting is now available!
- Azure Sentinel Workbooks 101 (with sample Workbook)
- What's New: Azure Sentinel Machine Learning Behavior Analytics: Anomalous RDP Login Detection
- Azure Sentinel Side-by-Side with QRadar
- Microsoft Sentinel API 101
- Handling sliding windows in Azure Sentinel rules
- Monitoring SQL Server with Azure Sentinel
- New Azure Sentinel notebook experience and the retirement of the Azure Notebooks service preview
- Hunting for anomalous sessions in your data with Azure Sentinel
- Automating the onboarding on-premises, AWS and GCP VMs on Sentinel with Azure Arc
- Azure Sentinel Ninja Training: The June 2020 update
- What's New: Livestream for Azure Sentinel is now released for General Availability
- Using external data sources to enrich network logs using Azure storage and KQL
- MAY THE "TI" BE WITH YOU: Connect ThreatConnect TIP with Azure Sentinel
- Protecting your GitHub assets with Azure Sentinel
- Sending enriched Microsoft Sentinel alerts to 3rd party SIEM and Ticketing Systems
- Web shell threat hunting with Azure Sentinel and Microsoft Threat Protection
- Azure Security Center Auto-connect to Sentinel
- What’s New: Azure Sentinel Threat Hunting Enhancements
- Secure Working from Home – Deep Insights at Enrolled MEM Assets via Azure Sentinel
- Protecting MSSP’s Intellectual Property in Microsoft Sentinel
- Making your Microsoft Sentinel Workbooks multi-tenant (or multi-workspace)
- Approximate, partial and combined lookups in Azure Sentinel
- Integrating open source threat feeds with MISP and Sentinel
- Using Azure Playbooks to import text-based threat indicators to Azure Sentinel
- Using the Sentinel API to view data in a Workbook
- What's New: Cross Workspace Incident View in Public Preview!
- Kicking off the Azure Sentinel Hackathon!
- Monitoring Windows Virtual Desktop environments (Fall 2019 release) with Microsoft Sentinel
- Graph Visualization of External Teams Collaborations in Azure Sentinel
- Monitoring Zoom with Azure Sentinel
- Hunting Threats on Linux with Azure Sentinel
- Azure Sentinel Sigma & SOC Prime Integration (Part 3): Deploy to multiple workspaces and tenants
- Creating digital tripwires with custom threat intelligence feeds for Azure Sentinel
- Gain Compliance, Posture, and Protection Insights with this Azure Security Center Related Workbook
- Become a Microsoft Sentinel Ninja: The complete level 400 training
- Controlling access to Azure Sentinel Data: Resource RBAC
- Enriching Azure Sentinel with Azure AD information
- Azure Sentinel Sigma & SOC Prime Integration (Part 2): Directly deploy to Azure Sentinel
- Help for Security Operations Centers facing new challenges
- What’s New: Improved Incident Closing Experience is now Available!
- Enabling security research & hunting with open source IoT attack data
- Azure Sentinel Resource Terminus - board here!
- Quick wins - Identify signs of intrusions in real time with Microsoft Sentinel Livestreams
- Usage reporting for Azure Sentinel
- Protecting your Teams with Azure Sentinel
- Azure Sentinel To-Go (Part1): A Lab w/ Prerecorded Data 😈 & a Custom Logs Pipe via ARM Templates 🚀
- Compliance Reporting for Azure
- Ingest Fastly Web Application Firewall logs into Azure Sentinel
- Access Azure Sentinel Log Analytics via API (Part 1)
- Azure Sentinel Sigma and SOC Prime Integration (Part 1): Convert Sigma rules to Azure Sentinel
- Connect X-Force Exchange API on Microsoft Sentinel
- Ingesting Auditd (configured for PAM TTY Session Key Logging) into Azure Sentinel
- Azure Sentinel Side-by-Side with Splunk
- Combining Azure Lighthouse with Microsoft Sentinel’s DevOps capabilities
- Azure Sentinel Insecure Protocols Workbook Implementation Guide
- What’s New: Reduce alert noise with Incident settings and alert grouping in Azure Sentinel
- Scaling Up Syslog CEF Collection
- Office 365 Email Activity and Data Exfiltration Detection
- Bring your threat intelligence to Microsoft Sentinel
- Explorer Notebook Series: The Linux Host Explorer
- Deploying and Managing Microsoft Sentinel as Code
- Extending Azure Sentinel: APIs, Integration and management automation
- Implementing Lookups in Azure Sentinel
- Ingesting Alien Vault OTX Threat Indicators into Azure Sentinel
- Ingest Box.com activity events via Microsoft Cloud App Security into Azure Sentinel
- Ingest Sample CEF data into Azure Sentinel
- Azure Sentinel correlation rules: the join KQL operator
- Using Azure Lighthouse and Azure Sentinel to Investigate Attacks Across Multiple Tenants
- Ingest Office 365 DLP Events into Azure Sentinel
- Azure Sentinel correlation rules: Active Lists out; make_list() in, the AAD/AWS correlation example
- Hunting for Capital One Breach TTPs in AWS logs using Azure Sentinel - Part II
- Best Practices for Common Event Format (CEF) collection in Azure Sentinel
- Hunting for Capital One Breach TTPs in AWS logs using Azure Sentinel - Part I
- Azure Sentinel – Microsoft Ignite 2019 Recap
- Using the new built-in URL detonation in Azure Sentinel
- Azure Sentinel and Azure Arc
- Try Azure Sentinel Alongside Your Existing SIEM
- Ingesting Office 365 Alerts with Graph Security API
- Upcoming Azure Sentinel training webinars
- How to use Azure Sentinel to follow a Users travel and map their location
- How to use Azure Monitor Workbooks to map Sentinel data
- Table Level RBAC In Microsoft Sentinel
- Azure Sentinel at Microsoft Ignite
- New: Per data type retention is now available for Azure Sentinel
- Identifying Threat Hunting opportunities in your data
- What am I looking at? - Using Notebooks to gain situational awareness.
- Using Threat Intelligence in your Jupyter Notebooks
- Azure Sentinel is now Generally Available!
- Azure Sentinel: Creating Custom Connectors
- Preparing towards Azure Sentinel's GA
- Best practices for designing a Microsoft Sentinel or Azure Defender for Cloud workspace
- Upcoming Changes to Fusion in Azure Sentinel
- Azure Sentinel Agent: Collecting from servers and workstations, on-prem and in the cloud
- Azure Sentinel: The connectors grand (CEF, Syslog, Direct, Agent, Custom and more)
- Azure Sentinel: Collecting logs from Microsoft Services and Applications
- Detect Network beaconing via Intra-Request time delta patterns in Azure Sentinel
- Tip: Easily use JSON fields in Sentinel
- Sending Proofpoint TAP logs to Azure Sentinel
- Microsoft Sentinel Blog - Table of Contents
- Using KQL functions to speed up analysis in Azure Sentinel
- msticpy - Python Defender Tools
- Time Series visualization of Palo Alto logs to detect data exfiltration
- Importing Sigma Rules to Azure Sentinel
- Looking for unknown anomalies - what is normal? Time Series analysis & its applications in Security
- Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 3
- Sending REST API data to Azure Sentinel
- Time series analysis applied in a security hunting context
- Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 2
- Integrating Azure Security Center with Azure Sentinel
- Why Use Jupyter for Security Investigations?
- Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 1
- Azure Sentinel: Performing Additional Security Monitoring of High-Value Accounts
Playbooks
GitHub
Learning and Training