Microsoft Sentinel – Azure Feeds

December 16, 2024

Published by Charbel Nemnom on December 16, 2024

Categories

Community

Optimize Costs Using Ingestion-Time Transformation for Fortinet Logs in Microsoft Sentinel

Fortinet firewall logs, when ingested into Sentinel’s `CommonSecurityLog` table, are billed at the Analytics tier rates. For organizations with high log volumes, this can result Continue […]

December 2, 2024

Published by Charbel Nemnom on December 2, 2024

Categories

Community

Effective Approach To Collect Linux Logs to Microsoft Sentinel

Centralized logging is crucial for effectively managing Linux systems. Organizations can streamline their log management processes by using tools like Rsyslog/Syslog-ng and integrating with platforms Continue […]

November 21, 2024

Published by Charbel Nemnom on November 21, 2024

Categories

Community

Effective Solution To Monitor Data Connectors in Microsoft Sentinel

Like all SIEM systems, the Microsoft Sentinel SIEM/XDR product relies heavily on the consistent flow of logs and data from relevant security sources. A typical Continue […]

October 25, 2024

Published by Charbel Nemnom on October 25, 2024

Categories

Community

Effective Approach To Collect Windows Firewall Events to Microsoft Sentinel

The built-in Windows Firewall is a great security feature for the Windows client and server operating systems. While not every organization actively uses Windows Firewall Continue […]

October 7, 2024

Published by Charbel Nemnom on October 7, 2024

Categories

Community

Update Microsoft Sentinel Workbooks Efficiently at Scale (In Bulk)

Microsoft Sentinel comes with Content Hub, which you can use out-of-the-box to get content value and start on Microsoft Sentinel quickly. Solutions in Microsoft Sentinel Continue […]

September 28, 2024

Published by Charbel Nemnom on September 28, 2024

Categories

Community

Integrating Defender EASM with Microsoft Sentinel Guide

Microsoft Defender External Attack Surface Management (EASM) provides organizations with a comprehensive view of their digital attack surfaces. It discovers known and unknown resources, from Continue […]

September 19, 2024

Published by Charbel Nemnom on September 19, 2024

Categories

Community

Enable Sentinel UEBA Activity Templates at Scale (In Bulk)

Once you have enabled Microsoft Sentinel UEBA (User and Entity Behavior Analytics) in your environment, you can customize the entity page and change the activities Continue […]

September 12, 2024

Published by Charbel Nemnom on September 12, 2024

Categories

Community

Deep Dive into Microsoft Sentinel UEBA (User and Entity Behavior Analytics)

Understanding how to effectively use Microsoft Sentinel User and Entity Behavior Analytics (UEBA) can enhance your organization’s security posture. Setting up and configuring UEBA within Continue […]

August 22, 2024

Published by Charbel Nemnom on August 22, 2024

Categories

Community

Rotate Microsoft Sentinel Repositories Connections Effectively

The Microsoft Sentinel repositories feature provides a centralized way to deploy and manage Sentinel content using code. With repositories, you can connect to external source Continue […]

August 7, 2024

Published by Charbel Nemnom on August 7, 2024

Categories

Community

Demystifying Microsoft Sentinel Multi-Tier Logging

Multi-tier logging in Azure Monitor Log Analytics and Microsoft Sentinel offers a structured approach to managing diverse logging needs. Categorizing logs into Analytics, Basic, and Continue […]

July 24, 2024

Published by Charbel Nemnom on July 24, 2024

Categories

Community

Extract Custom Details from Microsoft Sentinel into Logic App

When a security alert is triggered, the information provided in the alert is vital for the security analyst to conduct an investigation. Therefore, the alert Continue […]