Sentinel Syslog Forwarder with AMA
Configure syslog forwarding for Microsoft Sentinel with the Azure Monitor Agent
Sentinel – Common Roles for Getting Started
If you are just getting started with Sentinel take a look at the below reference to common roles required for creating Sentinel and integrating Microsoft data sources. For a complete list of roles refer to Microsoft Sentinel roles and allowed actions Mitigate risk to high privileged roles by leveraging Azure AD Privileged Identity Management Deploying … Read more
Mass Creating Scheduled Analytics Rules From Templates
create-scheduledRuleFromTemplate.ps1 is a PowerShell script you can leverage to import (create) multiple scheduled analytics rules from the Sentinel Github rule template repository This script was written to account for current limitations when leveraging the AzSentinel or Az.SecurityInsights PowerShell modules. Most of which are related to an incomplete set of properties being returned such as tactics and techniques … Read more
Defender for Cloud Cost Estimation
In an ongoing effort to understand and plan for costs associated with Defender for Cloud plans the team at Microsoft has been developing workbooks to assist with cost estimation. Each Defender Plan has a different pricing model based on the resource type. These pricing models are best viewed via the Pricing — Azure Defender | Microsoft … Read more
What’s New in Microsoft Security — February Edition
Sentinel Search, Basic Ingestion, Archive, and Data Restoration Ingestion-time transformations and Custom Logs v2 Advanced Security Information Model (ASIM) — out of the box MITRE view Run playbooks on incidents on demand Run playbooks on workbooks on demand Azure Purview Integration Codeless Connector Platform Large Watchlists Defender for Cloud Native CSPM for GCP and threat … Read more
Microsoft Sentinel Workspace Settings Best Practices
Since Microsoft Sentinel leverages Azure Log Analytics as its data platform it is therefore beheld to the Log Analytics Workspace default settings. When creating a initial instance of Azure Sentinel and the corresponding Log Analytics Workspace there are few settings you need to further enable manually. Workspace Data Retention Settings Out of the box a … Read more
New Blog, New Ideas, More Content
I wouldn’t say I have a good amount of followers yet or any, hopefully you can change that. I am migrating my content off of my old medium site https://starkonsec.medium.com/ to this new site to provide better content. I am hoping to provide more consistent updates, new content, and gather feedback from the community. That … Read more