SecOpsLab
Microsoft Sentinel incident list in Teams
A live view of Microsoft Sentinel incidents directly in Microsoft Teams? It's possible and as I’ve implemented this a few times recently, I wanted to…
Jan 30 • Mikko Koivunen
Modular playbook architectures
Sometimes we end up building problems for ourselves when creating automations in Microsoft Sentinel. One way to work around some of these problems is to…
Jan 23 • Mikko Koivunen
May 2024
Differentiate XDR and SIEM incidents
After onboarding to Unified SIEM & XDR portal, the incident status and history log table gets a rewrite. We need a new approach to differentiate between…
May 30, 2024 • Mikko Koivunen
Direct linking to Microsoft Sentinel incidents in the unified portal
This might be the smallest thing I've ever written about here, but anyhow... If you've onboarded to the SIEM & XDR unified portal, you may wonder how to…
May 23, 2024 • Mikko Koivunen
April 2024
Send custom data from Logic Apps to Microsoft Sentinel
How to send custom data from Azure Logic Apps to Microsoft Sentinel using the Logs Ingestion API.
Apr 9, 2024 • Mikko Koivunen
January 2024
Enterprise-scale SecOps: Naming conventions
Continuing on a journey started in early 2023. How to deploy a well-architected security toolkit in Azure? This time we look at resource naming…
Jan 25, 2024 • Mikko Koivunen
Multi-tenant XDR incidents in Microsoft Sentinel
The native Sentinel Connector for Microsoft Defender XDR only supports integration inside one tenant. How to collect incidents from multiple tenants to…
Jan 11, 2024 • Mikko Koivunen
November 2023
Microsoft Sentinel data engineering with Cribl
With fresh experience from client log pipeline development projects, I wanted to share some quick notes on Sentinel and Cribl Stream integration.
Nov 18, 2023 • Mikko Koivunen
October 2023
Quality assurance in Microsoft Sentinel: how to ensure accurate threat detections?
You've just pushed 100 Analytics Rules to a Sentinel instance. Mission accomplished, right?
Oct 4, 2023 • Mikko Koivunen
August 2023
Unlocking Application Visibility in Defender for Cloud Apps
A quick article on how to give an application administrator restricted visibility to a specific app in Defender for Cloud Apps.
Aug 30, 2023 • Mikko Koivunen
June 2023
Introducing the SolutionKB
I am building something new - a searchable database for Microsoft Sentinel Content Hub Solutions.
Jun 28, 2023 • Mikko Koivunen
Maintain a Watchlist on Public IPs in Azure
A simple Logic App for collecting Public IP address resources from your Azure tenant into a Microsoft Sentinel Watchlist.
Jun 15, 2023 • Mikko Koivunen