June 24, 2022

Spice Up Your Microsoft Sentinel KQL Query Results with Emoji

Here’s a little-known tip that can help brighten an otherwise mundane query existence. Instead of producing the normal query results of boring and blah rows and […]

June 22, 2022

How to Use Threatview.io Threat Intelligence Feeds with Microsoft Sentinel

Threatview.io provides some excellent threat intelligence feeds that can be used with Microsoft Sentinel as external sources. The Threatview.io feeds are updated regularly – generated daily […]

June 22, 2022

How to Get a List of Your Active Analytics Rules for Microsoft Sentinel

Though I’ve used the Workspace Usage Report Workbook a hundred times or more, I’ve never quite identified this little treasure myself. There’s a number of times […]

June 22, 2022

How to Import One or Multiple Analytics Rules into Microsoft Sentinel

There are a few PowerShell options out there (including the official module) to help automate content and collateral deployment to your Microsoft Sentinel workspace. But the […]

June 2, 2022

How to Query HaveIBeenPwned Using a Microsoft Sentinel Playbook

I’ve known Troy Hunt for a number of years and his contributions to the security and privacy industry have been hugely valuable and much appreciated by […]

June 1, 2022

How to Use a Playbook to Add Geographical Data for IP Addresses to a Microsoft Sentinel Incident

We have a Playbook out on the official GitHub Repo that queries the IP-API.com website with IP addresses and then writes the geographical information to an […]