Sentinel Syslog Forwarder with AMA

Configure syslog forwarding for Microsoft Sentinel with the Azure Monitor Agent

What’s New in Microsoft Security — April Edition

What’s New in Microsoft Security

Sentinel – Common Roles for Getting Started

If you are just getting started with Sentinel, take a look at the reference below to the common roles required for creating Sentinel and integrating Microsoft data sources. For a complete list of roles, refer to Microsoft Sentinel roles and allowed actions. Mitigate risk to highly privileged roles by leveraging Azure AD Privileged Identity Management. Deploying …

Mass Creating Scheduled Analytics Rules From Templates

create-scheduledRuleFromTemplate.ps1 is a PowerShell script you can leverage to import (create) multiple scheduled analytics rules from the Sentinel GitHub rule template repository. This script was written to account for current limitations when leveraging the AzSentinel or Az.SecurityInsights PowerShell modules, most of which relate to an incomplete set of properties being returned, such as tactics and techniques …

Defender for Cloud Cost Estimation

In an ongoing effort to understand and plan for the costs associated with Defender for Cloud plans, the team at Microsoft has been developing workbooks to assist with cost estimation. Each Defender plan has a different pricing model based on the resource type. These pricing models are best viewed via the Pricing — Azure Defender | Microsoft …

What’s New in Microsoft Security — February Edition

Sentinel: Search, Basic Ingestion, Archive, and Data Restoration; Ingestion-time transformations and Custom Logs v2; Advanced Security Information Model (ASIM) — out-of-the-box MITRE view; Run playbooks on incidents on demand; Run playbooks on workbooks on demand; Azure Purview Integration; Codeless Connector Platform; Large Watchlists. Defender for Cloud: Native CSPM for GCP and threat …

Microsoft Sentinel Workspace Settings Best Practices

Since Microsoft Sentinel leverages Azure Log Analytics as its data platform, it is bound by the Log Analytics Workspace default settings. When creating an initial instance of Azure Sentinel and the corresponding Log Analytics Workspace, there are a few settings you need to enable manually. Workspace Data Retention Settings: out of the box, a …
