Cloud Security and Architecture: Microsoft Holistic Security, Azure Security, Microsoft Sentinel, Defender for Cloud
Overview If you have versions numbers that contain major and minor decimal places such as 1.2, 1.3, 1.3.1, 1.5 you may have noticed ordering by these fields doesn’t really work well. As we can see from the example below order by doesn’t properly order the version number column. 1.21.1 is a higher version number than … Read more
Currently today you can ingest Windows Security Events to Microsoft Sentinel using the Windows Security Events via AMA data connector. This data connector will send events directly to the SecurityEvent table. When it comes to Windows event log collection its fairly important that events generally land in the SecurityEvent table. Most of the out of … Read more
Configure syslog forwarding for Microsoft Sentinel with the Azure Monitor Agent
Since Microsoft Sentinel leverages Azure Log Analytics as its data platform it is therefore beheld to the Log Analytics Workspace default settings. When creating a initial instance of Azure Sentinel and the corresponding Log Analytics Workspace there are few settings you need to further enable manually. Workspace Data Retention Settings Out of the box a … Read more