SecOpsLab
secopslab.substack.com
Microsoft Sentinel data engineering with Cribl
With fresh experience from client log pipeline development projects, I wanted to share some quick notes on Sentinel and Cribl Stream integration.
Nov 18 • Mikko Koivunen
October 2023
Quality assurance in Microsoft Sentinel: how to ensure accurate threat detections?
You've just pushed 100 Analytics Rules to a Sentinel instance. Mission accomplished, right?
Oct 4 • Mikko Koivunen
August 2023
Unlocking Application Visibility in Defender for Cloud Apps
A quick article on how to give an application administrator restricted visibility to a specific app in Defender for Cloud Apps.
Aug 30 • Mikko Koivunen
June 2023
Introducing the SolutionKB
I am building something new - a searchable database for Microsoft Sentinel Content Hub Solutions.
Jun 28 • Mikko Koivunen
Maintain a Watchlist on Public IPs in Azure
A simple Logic App for collecting Public IP address resources into a Microsoft Sentinel Watchlist from your Azure tenant.
Jun 15 • Mikko Koivunen
May 2023
Facing a problem with Microsoft 365 Defender Data Connector in Sentinel?
A quick post to document an unofficial, hopefully temporary workaround for an "Interaction required" error when configuring the M365 Defender connector.
May 9 • Mikko Koivunen
Living in a Lighthouse: Defender for Cloud
Azure Lighthouse provides cross-tenant management capabilities in Defender for Cloud. Let's take a brief look at how it works in practice and what the…
May 2 • Mikko Koivunen
April 2023
Incident management & on-call schedules with Microsoft Sentinel
Are there benefits in using a separate incident management platform together with a SIEM? Let's investigate.
Apr 10 • Mikko Koivunen
March 2023
Using Managed Identities in Azure AD response playbooks
Some notes related to authenticating with the out-of-the-box (OOTB) provided Microsoft Sentinel Playbooks for Azure AD.
Mar 24 • Mikko Koivunen
February 2023
Enterprise-scale SecOps: Azure architecture
How to deploy a well-architected security toolkit in Azure?
Feb 6 • Mikko Koivunen
January 2023
Microsoft Sentinel: Living in a Lighthouse
For 2023 I have set myself a goal of doing feature focus videos for Microsoft Sentinel. First one goes live now, showing the user experience of…
Jan 25 • Mikko Koivunen
November 2022
Different approaches to Detection as Code
Introduction: While I spend most of my “SIEM time” in Microsoft Sentinel these days, I believe it’s important to understand how the product field in…
Nov 25, 2022 • Mikko Koivunen