what's new
GITHUB - AI Sentinel attack simulation
The recent support for Model Context Protocol (MCP) with Claude Desktop has opened the door for some really useful testing capability with Sentinel and emerging threats. I'm happy to share with the community a GitHub project that demonstrates the use of MCP against current exploits to generate simulated attack data that can be used for testing migrated ASIM alert rules. MCP allows for up-to-date exploits to be queried... and with AI prompting, simulated attack events can be created against our Sentinel test environments, which results in a simulated attack based on the exploit being referenced. This is really useful for testing the migration of our Sentinel alert rules to ASIM! The full code and details about the project are available here: https://laurierhodes.info/node/175

Unified Security Operation Sentinel Vs Defender Tables
I have a question regarding the Unified SOC portal. In the session below, they highlighted one advantage: the ability to use Defender and Sentinel Tables together. However, both the SignInLogs and DeviceLogonEvents tables are already accessible in Sentinel through the Defender connector. Am I missing something, or did they use an incorrect example to demonstrate an advantage that Sentinel already provides?
Linked session: Unified Security Operations Platform GA launch and exclusive demo

Unified Sentinel and playbooks
Hi all, It's been a few weeks now since the unified Sentinel experience dropped publicly and I've been running that since then. It was a lot of bells, whistles and hype built since the Ignite event but I feel like...meh, now what. What happened to playbooks? What happened to all the automations we had that enriched events into the audit logs in Sentinel for correlation? These are either gone or not working as intended anymore. Before the "unification" we had an incident come in from our firewalls with a blocked URL which was enriched from external threat intelligence sources and could be closed within minutes by an operator after scrolling the audit log. Now it seems the idea is for the operator to click around in the Defender portal and view the different pages for similar information, not to mention the seeming necessity for the Microsoft Intelligence platform, before the operator can determine the posture of an incident. It feels like we took a step back. Peace /Fredrik

What's New: Tags column is now available in Azure Sentinel incidents page!
Hello everyone, We are happy to share with you a small but important improvement we added to our incidents blade – a new Tags column is now available as part of the Incidents list! Tags are an integral part of the triaging process, so we are now exposing them in a new column of the incident list. This improvement allows users to get informed about the tags that are related to the incidents without having to pivot to the incident preview page or full details. Every second counts, right?

Announcing General Availability of PIM Enabled Azure Lighthouse Delegations
I am excited to share today’s general availability announcement of PIM Enabled Azure Lighthouse Delegations. With Azure Lighthouse, service providers can deliver managed services using comprehensive and robust tooling built into the Azure platform. The addition of PIM enabled delegations takes Azure Lighthouse’s granular access to the next level, by assigning service providers the exact level of access needed, per resource, for the exact amount of time needed to complete a task. This has been a top ask from customers, and we’re thrilled to deliver this powerful capability to our customers! Learn more in the announcement here: Azure Lighthouse PIM Enabled Delegations - Microsoft Community Hub.

Microsoft Sentinel custom parsers
Dear All, There are charges as per the Microsoft website for creating custom columns during parsing. Please let me know the following:
1) What is the charge exactly?
2) How much will I be charged if I do parsing and create a single custom column?
3) What if I do the parsing and use the already existing columns, for example "Account"? Is there any charge for it?
Kindly share any supporting documents or links from Microsoft for support. Regards, Sammy. https://techcommunity.microsoft.com/t5/microsoft-sentinel/latest-costing-billing-changes/m-p/3679568

Pre-requisites for Defender for Endpoint and MMA agent installation
Dear All, We need to install the Defender for Endpoint agent and the latest MMA agent (Sentinel) in our environment. Kindly let me know the minimum permissions required for the service account for both:
1) Domain joined machine?
2) Non-domain joined machine? (What minimum role is required for the service account? Is it local admin, or is any other minimum role possible?)

Monitor the utilization of Log Analytics workspace and Microsoft Sentinel
Dear All, We wanted to monitor the underlying utilization of Log Analytics workspace and Microsoft Sentinel. Both the services should be running on some underlying VMs or something; is there any way I can monitor the CPU/memory/RAM utilization of the LA workspace and Sentinel? Regards, Sharukh