Archive - SecOpsLab

Differentiate XDR and SIEM incidents

After onboarding to Unified SIEM & XDR portal, the incident status and history log table gets a rewrite. We need a new approach to differentiate between…

May 30 •

Direct linking to Microsoft Sentinel incidents in the unified portal

This might be the smallest thing I've ever written about here, but anyhow.. If you've onboarded to SIEM & XDR unified portal, you may wonder how to…

May 23 •

April 2024

Send custom data from Logic Apps to Microsoft Sentinel

How to send custom data from Azure Logic Apps to Microsoft Sentinel using the Logs Ingestion API.

Apr 9 •

January 2024

Enterprise-scale SecOps: Naming conventions

Continuing on a journey started in early 2023. How to deploy a well-architected security toolkit in Azure? This time we look at resource naming…

Jan 25 •

Multi-tenant XDR incidents in Microsoft Sentinel

The native Sentinel Connector for Microsoft Defender XDR only supports integration inside one tenant. How to collect incidents from multiple tenants to…

Jan 11 •

November 2023

Microsoft Sentinel data engineering with Cribl

With fresh experience from client log pipeline development projects, I wanted to share some quick notes on Sentinel and Cribl Stream integration.

Nov 18, 2023 •

October 2023

Quality assurance in Microsoft Sentinel: how to ensure accurate threat detections?

You've just pushed 100 Analytics Rules to a Sentinel instance. Mission accomplished, right?

Oct 4, 2023 •

August 2023

Unlocking Application Visibility in Defender for Cloud Apps

A quick article on how to give an application administrator restricted visibility to a specific app in Defender for Cloud Apps.

Aug 30, 2023 •

June 2023

Introducing the SolutionKB

I am building something new - a searchable database for Microsoft Sentinel Content Hub Solutions.

Jun 28, 2023 •

Maintain a Watchlist on Public IPs in Azure

A simple Logic App for collecting Public IP address resources into a Microsoft Sentinel Watchlist from your Azure tenant

Jun 15, 2023 •

May 2023

Facing a problem with Microsoft 365 Defender Data Connector in Sentinel?

A quick post to document an unofficial, hopefully temporary workaround for an "Interaction required" error when configuring the M365 Defender connector.

May 9, 2023 •

Living in a Lighthouse: Defender for Cloud

Azure Lighthouse provides cross-tenant management capabilities in Defender for Cloud. Let's take a brief look at how it works in practice and what the…

May 2, 2023 •

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts