SecOpsLab
Microsoft Sentinel incident list in Teams
A live view of Microsoft Sentinel incidents directly in Microsoft Teams? It’s possible, and as I’ve implemented this a few times recently, I wanted to…
Jan 30
•
Mikko Koivunen
Modular playbook architectures
Sometimes we end up building problems for ourselves when creating automations in Microsoft Sentinel. One way to work around some of these problems is to…
Jan 23
•
Mikko Koivunen
May 2024
Differentiate XDR and SIEM incidents
After onboarding to the Unified SIEM & XDR portal, the incident status and history log table gets a rewrite. We need a new approach to differentiate between…
May 30, 2024
•
Mikko Koivunen
Direct linking to Microsoft Sentinel incidents in the unified portal
This might be the smallest thing I've ever written about here, but anyhow... If you've onboarded to the SIEM & XDR unified portal, you may wonder how to…
May 23, 2024
•
Mikko Koivunen
April 2024
Send custom data from Logic Apps to Microsoft Sentinel
How to send custom data from Azure Logic Apps to Microsoft Sentinel using the Logs Ingestion API.
Apr 9, 2024
•
Mikko Koivunen
January 2024
Enterprise-scale SecOps: Naming conventions
Continuing on a journey started in early 2023. How to deploy a well-architected security toolkit in Azure? This time we look at resource naming…
Jan 25, 2024
•
Mikko Koivunen
Multi-tenant XDR incidents in Microsoft Sentinel
The native Sentinel Connector for Microsoft Defender XDR only supports integration inside one tenant. How to collect incidents from multiple tenants to…
Jan 11, 2024
•
Mikko Koivunen
November 2023
Microsoft Sentinel data engineering with Cribl
With fresh experience from client log pipeline development projects, I wanted to share some quick notes on Sentinel and Cribl Stream integration.
Nov 18, 2023
•
Mikko Koivunen
October 2023
Quality assurance in Microsoft Sentinel: how to ensure accurate threat detections?
You've just pushed 100 Analytics Rules to a Sentinel instance. Mission accomplished, right?
Oct 4, 2023
•
Mikko Koivunen
August 2023
Unlocking Application Visibility in Defender for Cloud Apps
A quick article on how to give an application administrator restricted visibility to a specific app in Defender for Cloud Apps.
Aug 30, 2023
•
Mikko Koivunen
June 2023
Introducing the SolutionKB
I am building something new - a searchable database for Microsoft Sentinel Content Hub Solutions.
Jun 28, 2023
•
Mikko Koivunen
Maintain a Watchlist on Public IPs in Azure
A simple Logic App for collecting Public IP address resources into a Microsoft Sentinel Watchlist from your Azure tenant
Jun 15, 2023
•
Mikko Koivunen