cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Sentinel Blog
Options
1,285

Ingesting Non-Microsoft Cloud Security Data into Microsoft Sentinel for Gov & DIB customers part 2

jeffsc on Apr 15 2024 11:17 AM
This is a continuation of the series discussion ingesting non-Microsoft cloud security data into Microsoft Sentinel. In ...
1,260

Ingesting Non-Microsoft Cloud Security Data into Microsoft Sentinel for Government & DIB Customers

jeffsc on Apr 15 2024 11:17 AM
Microsoft Azure Government customers that are using Microsoft Sentinel to monitor their Azure & Office 365 Tenants, the ...
3,854

[What's New] Easily migrate to Microsoft Sentinel with the new SIEM migration experience

Preeti_Krishna on Mar 28 2024 02:56 PM
Announcing GA of the new Microsoft Sentinel SIEM migration experience to enable you to bring in your SIEM detections int...
4,863

Create Codeless Connectors with the Codeless Connector Builder (Preview)

Matt_Lowe on Mar 14 2024 05:21 PM
Hate JSON templates? Looking to make your own Codeless Connectors for Microsoft Sentinel? You’re in luck. This workbook ...
3,406

Monitoring Kubernetes Clusters, Image Build Environment and Container Registries with Sentinel

Umesh_Nagdev on Feb 20 2024 07:04 AM
A guide to using Microsoft Sentinel for monitoring the security of your containerized applications and orchestration pla...
2,917

Upcoming Content Hub AMA supported Data Connectors

Josefa-Sepulveda on Feb 08 2024 07:58 AM
Upcoming Content Hub Azure Monitoring Agent (AMA) supported Data Connectors
5,077

Create Tasks Repository in Microsoft Sentinel

BenjiSec on Feb 06 2024 04:03 AM
In this blog, we will demonstrate how utilization of watchlists, automation rules, and playbooks can be used as tasks re...
4,089

What's New: CrowdStrike Falcon Data Replicator V2 Data Connector is now Generally Available!

PrateekTaneja on Feb 04 2024 10:22 PM
The CrowdStrike Falcon Data replicator V2 Data connector is now available as a part of the CrowdStrike Falcon Endpoint P...
5,369

Unleash the full potential of User and Entity Behavior Analytics with our updated workbook

madesous on Jan 17 2024 05:27 AM
We have updated the User and Entity Behavior Analytics workbook to include more. Now, you can prioritize incidents based...
3,071

Querying Watchlists

GBushey on Jan 16 2024 07:20 AM
Learn how to use _ASIM_GetWatchlistRaw to return specific rows in a watchlist.
3,330

Leveraging CEF with Azure Monitor Agent (AMA) for GCP-Hosted Fortinet Firewall and Syslog Forwarder,

VipulDabhi on Jan 08 2024 11:11 AM
Blog Title: "Leveraging CEF with Azure Monitor Agent (AMA) for GCP-Hosted Fortinet Firewall and Syslog Forwarder, connec...
5,970

Use Azure DevOps to manage Sentinel for MSSPs and Multi-tenant Environments

timurengin on Jan 08 2024 11:10 AM
Automate Sentinel resource deployment in multi-tenant scenarios using Azure DevOps and Sentinel Repositories. Enable ver...
24.8K

Become a Microsoft Unified SOC Platform Ninja

Josefa-Sepulveda on Jan 02 2024 02:24 AM
Get deeper using Unified Security Operations Platform with Microsoft Sentinel and Defender XDR Ninja Training!
47K

Identifying Adversary-in-the-Middle (AiTM) Phishing Attacks through 3rd-Party Network Detection

Arjun_Trivedi on Nov 29 2023 10:13 PM
Delve into the intricacies of Adversary-in-the-Middle (AiTM) phishing attacks as we explore the latest trends, threats, ...
9,710

Microsoft Sentinel: Public preview of Microsoft Defender for Cloud to Defender XDR integration

skochavi on Nov 27 2023 01:21 PM
With the announcement of the release to Public Preview of Microsoft Defender for Cloud integration into Microsoft Defend...
8,434

Sentinel's Enrichment Widgets: Elevating Cybersecurity Intelligence with Microsoft

ShaharAviv on Nov 20 2023 10:27 PM
Discover the innovative Enrichment Widgets in Microsoft Sentinel, a feature designed to improve the investigation proces...
6,453

Microsoft Sentinel Partner Solution Contributions update - Ignite 2023

Eric Burkholder on Nov 15 2023 02:26 PM
Content Hub continues to grow with new content from Microsoft Security Software Partners! Learn about the latest Microso...
60.6K

Introducing a Unified Security Operations Platform with Microsoft Sentinel and Defender XDR

Erez Einav on Nov 15 2023 08:00 AM
Read about our announcement of an exciting private preview that represents the next step in the SOC protection and effic...
5,332

Architecture Guidance: How to ingest GCP Firewall\VPC logs into Microsoft Sentinel

mahmoudmsft on Nov 08 2023 10:02 AM
Using log ingestion API to Pull firewall logs from GCP PubSub and ingest it into Sentine. l
14.2K

Fortifying Your Defenses: How Microsoft Sentinel Safeguards Your Organization from BEC Attacks

Pete Bryan on Sep 21 2023 03:02 PM
Business Email Compromise (BEC) attacks continue to be some of the most prevalent and costly attacks facing organization...
15.9K

Accelerating Zero Trust Alignment with Microsoft Sentinel

lili on Sep 05 2023 12:18 AM
Learn more about how Microsoft Sentinel can accelerate the journey to zero trust alignment, with a focus on the US Depar...
6,934

Microsoft Sentinel's new incident experience is generally available!

Tiander Turpijn on Aug 30 2023 04:33 AM
We are excited to announce that the Microsoft Sentinel new incident experience is generally available!
18.8K

Introducing Microsoft Sentinel Optimization Workbook

Jeremy Tan on Aug 23 2023 04:30 AM
Gain insights into your Sentinel environment such as ingestion, cost, operational metrics, and more, while also providin...
7,471

Manage Access to Microsoft Sentinel Workbooks with Lower Scoped RBAC

Matt_Lowe on Aug 22 2023 09:30 AM
Leveraging Microsoft Sentinel workbooks for reporting to leadership is a common use case. A common concern is granting r...
13.3K

Help Protect your Exchange Environment With Microsoft Sentinel

Nicolas Lepagnez on Aug 09 2023 04:44 AM
TL;DR; Sentinel + Exchange Servers or Exchange Online = better protected New Microsoft Sentinel security solution for Ex...
11.6K

Automate tasks management to protect your organization against threats

MichalShechter on Aug 01 2023 11:02 AM
Automate tasks management with new playbooks to better triage and investigate phishing, BEC and ransomware attacks and a...
8,962

Taking Entity Investigation to the Next Level: Microsoft Sentinel’s Upgraded Entity Pages

Maayan_Magenheim on Jul 25 2023 07:09 AM
Experience a new standard in security investigations with our enhanced Microsoft Sentinel entity pages. Delve into the e...

Latest Comments

Ciyaresh91
in Split Microsoft Sentinel Tables with Multi-Destination Data Collection Rules on Apr 15 2024 08:06 AM
@Matt_Lowe Is it possible to use this to prevent certain logs from being ingested? Xpath for DCR is not customization enough for us to drop certain logs. We are currently trying to drop certain WindowsEvent table logs(windows event forwarding). This certain event is very noisy and has no value. We c...
0 Likes
Azizjaz24
in Software Defined Monitoring - Using Automated Notebooks and Azure Sentinel to Improve Sec Ops on Apr 15 2024 06:41 AM
Hello, Very helpful blog thank you. I have a question though , is this way of automation is recommanded rather than using playbooks/logic apps to trigger the notebooks i need in the context of SOAR capabilities of sentinel ? like is it better ? if so how ?
0 Likes
Came19xx
in Run Microsoft Sentinel playbooks from workbooks on-demand on Apr 12 2024 07:46 AM
Hi,i've tried implementing this feature and it was working, but now it's failing with error:POST action failedPOST failed. Missing required permissions for Microsoft Sentinel on the playbook resource '/subscriptions/XXXXXXXXX/resourceGroups/XXXXXXX/providers/Microsoft.Logic/workflows/XXXXXXX'ThanksF...
0 Likes
mbbhimji
in Table Level RBAC In Microsoft Sentinel on Apr 11 2024 06:55 AM
A question can this be setup for tables like the SecurityEvent and SecurityAlert table. I did the following and could not get it to work. {"Name": "Test Windows Security Logs Table Access","Id": null,"IsCustom": true,"Description": "Enable users to monitor WIndows servers Security Events and Alerts"...
0 Likes
TheHoff70
in Introducing a Unified Security Operations Platform with Microsoft Sentinel and Defender XDR on Apr 10 2024 02:09 AM
GreetingsI was quick to onboard our Sentinel workspace into our Defender tenant but was then just as quick to find the features available from the Defender portal to be lacking, at least from the perspektive of the workflow we have established in Sentinel over the years.The feature most important to...
0 Likes