SecOpsLab

SecOpsLab

Home
Archive
About
Microsoft Sentinel incident list in Teams
A live view of Microsoft Sentinel incidents directly in Microsoft Teams? Its possible and as I’ve implemented this a few times recently, I wanted to…
  Mikko Koivunen
Modular playbook architectures
Sometimes we end up building problems for ourselves when creating automations in Microsoft Sentinel. One way to work around some of these problems is to…
  Mikko Koivunen
Differentiate XDR and SIEM incidents
After onboarding to Unified SIEM & XDR portal, the incident status and history log table gets a rewrite. We need a new approach to differentiate between…
  Mikko Koivunen
Direct linking to Microsoft Sentinel incidents in the unified portal
This might be the smallest thing I've ever written about here, but anyhow.. If you've onboarded to SIEM & XDR unified portal, you may wonder how to…
  Mikko Koivunen
Send custom data from Logic Apps to Microsoft Sentinel
How to send custom data from Azure Logic Apps to Microsoft Sentinel using the Logs Ingestion API.
  Mikko Koivunen
Enterprise-scale SecOps: Naming conventions
Continuing on a journey started in early 2023. How to deploy a well-architected security toolkit in Azure? This time we look at resource naming…
  Mikko Koivunen
Multi-tenant XDR incidents in Microsoft Sentinel
The native Sentinel Connector for Microsoft Defender XDR only supports integration inside one tenant. How to collect incidents from multiple tenants to…
  Mikko Koivunen
SecOpsLab
SecOpsLab
Articles by Mikko Koivunen on security operations & threat detection, usually in the Microsoft cloud ecosystem.
Recommendations
Detection Engineering Weekly
Detection Engineering Weekly
Zack Allen
Cyber Defence Analysis for Blue & Purple Teams
Cyber Defence Analysis for Blue & Purple Teams
Ollie
© 2025 Mikko Koivunen · PrivacyTermsCollection notice
Start your SubstackGet the app
Substack is the home for great culture