cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Sentinel Blog
Options
1,765

Configuring archive period for tables at Mass for Data Retention within Log Analytics Workspace

VipulDabhi on May 23 2024 11:23 AM
Configuring archive period for tables at Mass for Data Retention within Log Analytics Workspace, the archival is support...
1,573

PART 3 - Ingesting AWS GovCloud Microsoft Sentinel in Azure Commercial

jeffsc on May 13 2024 08:00 AM
The next installment of AWS and Microsoft Sentinel for Government customers
6,607

SOC optimization: unlock the power of precision-driven security management

MichalShechter on May 06 2024 09:07 AM
Take your SOC to the next level with actionable recommendations tailored to your organization
4,254

Microsoft Sentinel: Delivering value to your SOC

Israel_Aloni on May 06 2024 08:47 AM
Microsoft Sentinel is a modern SIEM solution delivering value to your SOC. Learn how you can transform your SOC with the...
2,633

Send data to Microsoft Sentinel using Cribl Stream

Eric Burkholder on May 06 2024 06:00 AM
Microsoft Sentinel has over 350 partner integrations and we are excited to highlight a recent Together, Microsoft and Cr...
23.9K

Examining the Deception infrastructure in place behind code.microsoft.com

robeving on Apr 26 2024 07:51 PM
The domain name code.microsoft.com has an interesting story behind it. Here we examine how we've used this to collect ac...
3,001

Setting up Sentinel for Kubernetes Monitoring

Umesh_Nagdev on Apr 19 2024 07:55 AM
A guide to using Microsoft Sentinel for monitoring the security of your containerized applications and orchestration pla...
2,150

Ingesting Non-Microsoft Cloud Security Data into Microsoft Sentinel for Gov & DIB customers part 2

jeffsc on Apr 15 2024 11:17 AM
This is a continuation of the series discussion ingesting non-Microsoft cloud security data into Microsoft Sentinel. In ...
2,157

Ingesting Non-Microsoft Cloud Security Data into Microsoft Sentinel for Government & DIB Customers

jeffsc on Apr 15 2024 11:17 AM
Microsoft Azure Government customers that are using Microsoft Sentinel to monitor their Azure & Office 365 Tenants, the ...
5,248

[What's New] Easily migrate to Microsoft Sentinel with the new SIEM migration experience

Preeti_Krishna on Mar 28 2024 02:56 PM
Announcing GA of the new Microsoft Sentinel SIEM migration experience to enable you to bring in your SIEM detections int...
6,352

Create Codeless Connectors with the Codeless Connector Builder (Preview)

Matt_Lowe on Mar 14 2024 05:21 PM
Hate JSON templates? Looking to make your own Codeless Connectors for Microsoft Sentinel? You’re in luck. This workbook ...
4,368

Monitoring Kubernetes Clusters, Image Build Environment and Container Registries with Sentinel

Umesh_Nagdev on Feb 20 2024 07:04 AM
A guide to using Microsoft Sentinel for monitoring the security of your containerized applications and orchestration pla...
3,489

Upcoming Content Hub AMA supported Data Connectors

Josefa-Sepulveda on Feb 08 2024 07:58 AM
Upcoming Content Hub Azure Monitoring Agent (AMA) supported Data Connectors
5,877

Create Tasks Repository in Microsoft Sentinel

BenjiSec on Feb 06 2024 04:03 AM
In this blog, we will demonstrate how utilization of watchlists, automation rules, and playbooks can be used as tasks re...
5,556

What's New: CrowdStrike Falcon Data Replicator V2 Data Connector is now Generally Available!

PrateekTaneja on Feb 04 2024 10:22 PM
The CrowdStrike Falcon Data replicator V2 Data connector is now available as a part of the CrowdStrike Falcon Endpoint P...
6,031

Unleash the full potential of User and Entity Behavior Analytics with our updated workbook

madesous on Jan 17 2024 05:27 AM
We have updated the User and Entity Behavior Analytics workbook to include more. Now, you can prioritize incidents based...
3,603

Querying Watchlists

GBushey on Jan 16 2024 07:20 AM
Learn how to use _ASIM_GetWatchlistRaw to return specific rows in a watchlist.
4,112

Leveraging CEF with Azure Monitor Agent (AMA) for GCP-Hosted Fortinet Firewall and Syslog Forwarder,

VipulDabhi on Jan 08 2024 11:11 AM
Blog Title: "Leveraging CEF with Azure Monitor Agent (AMA) for GCP-Hosted Fortinet Firewall and Syslog Forwarder, connec...
6,822

Use Azure DevOps to manage Sentinel for MSSPs and Multi-tenant Environments

timurengin on Jan 08 2024 11:10 AM
Automate Sentinel resource deployment in multi-tenant scenarios using Azure DevOps and Sentinel Repositories. Enable ver...
27.5K

Become a Microsoft Unified SOC Platform Ninja

Josefa-Sepulveda on Jan 02 2024 02:24 AM
Get deeper using Unified Security Operations Platform with Microsoft Sentinel and Defender XDR Ninja Training!
51.6K

Identifying Adversary-in-the-Middle (AiTM) Phishing Attacks through 3rd-Party Network Detection

Arjun_Trivedi on Nov 29 2023 10:13 PM
Delve into the intricacies of Adversary-in-the-Middle (AiTM) phishing attacks as we explore the latest trends, threats, ...
10.5K

Microsoft Sentinel: Public preview of Microsoft Defender for Cloud to Defender XDR integration

skochavi on Nov 27 2023 01:21 PM
With the announcement of the release to Public Preview of Microsoft Defender for Cloud integration into Microsoft Defend...
9,050

Sentinel's Enrichment Widgets: Elevating Cybersecurity Intelligence with Microsoft

ShaharAviv on Nov 20 2023 10:27 PM
Discover the innovative Enrichment Widgets in Microsoft Sentinel, a feature designed to improve the investigation proces...
6,961

Microsoft Sentinel Partner Solution Contributions update - Ignite 2023

Eric Burkholder on Nov 15 2023 02:26 PM
Content Hub continues to grow with new content from Microsoft Security Software Partners! Learn about the latest Microso...
64.8K

Introducing a Unified Security Operations Platform with Microsoft Sentinel and Defender XDR

Erez Einav on Nov 15 2023 08:00 AM
Read about our announcement of an exciting private preview that represents the next step in the SOC protection and effic...
5,872

Architecture Guidance: How to ingest GCP Firewall\VPC logs into Microsoft Sentinel

mahmoudmsft on Nov 08 2023 10:02 AM
Using log ingestion API to Pull firewall logs from GCP PubSub and ingest it into Sentine. l

Latest Comments

XIYAR
in Transferring Microsoft Sentinel scheduled alert rules between different workspaces using PowerShell on May 30 2024 01:32 AM
Two years passed since the article is published and would be a great help if it still works.
0 Likes
Alistair87
in Split Microsoft Sentinel Tables with Multi-Destination Data Collection Rules on May 28 2024 04:47 AM
@mikhailf , making the output the same schema will make it easier to use the same queries across both. I've made a simple PowerShell function for this exact scenario to duplicate tables from an existing one found here. The-Cloud-Brain-Dump/Toolshed/Sentinel Toolbox/Copy-LogAnalyticsTable.ps1 at main...
0 Likes
MichalShechter
in SOC optimization: unlock the power of precision-driven security management on May 28 2024 02:20 AM
@Erik_Snijder for data value optimizations - yes! If your custom logs aren't used for detections, or not used at all, it'll be surfaced in a recommendation.
0 Likes
Erik_Snijder
in SOC optimization: unlock the power of precision-driven security management on May 28 2024 02:07 AM
Hi, Does the SOC optimization tool support custom logs at this time?Regards, Erik
0 Likes
mikhailf
in Split Microsoft Sentinel Tables with Multi-Destination Data Collection Rules on May 27 2024 11:55 PM
Grate article. Thank you. If we want to split logs from Syslog table to another Custom-Table1. Should the Custom-Table1 have the same schema as Syslog?Is it possible to split logs from Syslog to 2 or more tables?
0 Likes