SecOpsLab
Differentiate XDR and SIEM incidents
After onboarding to Unified SIEM & XDR portal, the incident status and history log table gets a rewrite. We need a new approach to differentiate between…
May 30 • Mikko Koivunen
Direct linking to Microsoft Sentinel incidents in the unified portal
This might be the smallest thing I've ever written about here, but anyhow. If you've onboarded to the SIEM & XDR unified portal, you may wonder how to…
May 23 • Mikko Koivunen
April 2024
Send custom data from Logic Apps to Microsoft Sentinel
How to send custom data from Azure Logic Apps to Microsoft Sentinel using the Logs Ingestion API.
Apr 9 • Mikko Koivunen
January 2024
Enterprise-scale SecOps: Naming conventions
Continuing on a journey started in early 2023. How to deploy a well-architected security toolkit in Azure? This time we look at resource naming…
Jan 25 • Mikko Koivunen
Multi-tenant XDR incidents in Microsoft Sentinel
The native Sentinel Connector for Microsoft Defender XDR only supports integration inside one tenant. How to collect incidents from multiple tenants to…
Jan 11 • Mikko Koivunen
November 2023
Microsoft Sentinel data engineering with Cribl
With fresh experience from client log pipeline development projects, I wanted to share some quick notes on Sentinel and Cribl Stream integration.
Nov 18, 2023 • Mikko Koivunen
October 2023
Quality assurance in Microsoft Sentinel: how to ensure accurate threat detections?
You've just pushed 100 Analytics Rules to a Sentinel instance. Mission accomplished, right?
Oct 4, 2023 • Mikko Koivunen
August 2023
Unlocking Application Visibility in Defender for Cloud Apps
A quick article on how to give an application administrator restricted visibility to a specific app in Defender for Cloud Apps.
Aug 30, 2023 • Mikko Koivunen
June 2023
Introducing the SolutionKB
I am building something new - a searchable database for Microsoft Sentinel Content Hub Solutions.
Jun 28, 2023 • Mikko Koivunen
Maintain a Watchlist on Public IPs in Azure
A simple Logic App for collecting Public IP address resources from your Azure tenant into a Microsoft Sentinel Watchlist.
Jun 15, 2023 • Mikko Koivunen
May 2023
Facing a problem with Microsoft 365 Defender Data Connector in Sentinel?
A quick post to document an unofficial, hopefully temporary workaround for an "Interaction required" error when configuring the M365 Defender connector.
May 9, 2023 • Mikko Koivunen
Living in a Lighthouse: Defender for Cloud
Azure Lighthouse provides cross-tenant management capabilities in Defender for Cloud. Let's take a brief look at how it works in practice and what the…
May 2, 2023 • Mikko Koivunen