what's new (18 topics)

What's New: Tags column is now available in Azure Sentinel incidents page!

Hello everyone, We are happy to share with you a small but important improvement we added to our incidents blade – a new tag column is now available as part of the Incidents list! Tags are an integral part of the triaging process, so we are now exposing them in a new column of the incident list. This improvement allows users to get informed about the tags that are related to the incidents without having to pivot to the incident preview page or full details. Every second counts, right?

Microsoft Sentinel custom parsers

Dear All, There are charges as per the Microsoft website for creating custom columns during parsing. Please let me know the following:
- What is the charge exactly?
- How much will I be charged if I do parsing and create a single custom column?
- What if I do the parsing and use the already existing columns, for example "Account"; are there any charges for it?
Kindly share any supporting documents or links from Microsoft for support. Regards, Sammy. https://techcommunity.microsoft.com/t5/microsoft-sentinel/latest-costing-billing-changes/m-p/3679568

New Blog Post | Microsoft Sentinel this Week – Issue #75

Microsoft Sentinel this Week – Issue #75 - Azure Cloud & AI Domain Blog (azurecloudai.blog)

We have one YAMS (yet another Microsoft survey) this week to give you some small way in contributing to the success of Microsoft Sentinel.

Utilizing Network Data for Security Needs in Microsoft Sentinel
The Microsoft Sentinel engineering team is exploring ways of expanding security coverage to customers by analyzing network flows, metadata, and patterns that can be collected from various network elements and service elements in estate. We ask for your help in understanding your security needs, practices, network infrastructure and current network telemetry collection methods to help us in this effort. To do so, simply complete this survey. Link to survey: https://rodtrent.com/ug5

…

In less than a year, the LinkedIn community group for Microsoft Sentinel has grown to over 6,000 members. That in itself is pretty phenomenal. But the bigger number is the level of engagement. According to LinkedIn stats, the level of engagement equals the following on monthly averages:
- 339,000 post views
- 165 comments
- 3,800 reactions
We recently posted a survey to get a feel for where folks are most comfortable participating in community for Microsoft Sentinel and, not surprisingly, LinkedIn led the way. But some of the other areas may surprise some. Take a look at the survey results: https://rodtrent.com/bi8

Monitor the utilization of Log Analytics workspace and Microsoft Sentinel

Dear All, We wanted to monitor the underlying utilization of Log Analytics workspace and Microsoft Sentinel. Both the services should be running on some underlying VMs or something; is there any way I can monitor the CPU/memory/RAM utilization of LA workspace and Sentinel? Regards, Sharukh

New Blog Post | Anomali Limo Feeds for Microsoft Sentinel to Expire for Good

Anomali Limo Feeds for Microsoft Sentinel to Expire for Good - Azure Cloud & AI Domain Blog (azurecloudai.blog)

I’m sure there’s some organizational reason why Anomali wants to detach itself from maintaining these feeds. If you use these feeds for Microsoft Sentinel demos, consider querying the ThreatIntelligenceIndicator table for the Limo feeds and exporting the results to save them for later for when the active feed dries up.

    ThreatIntelligenceIndicator
    | where SourceSystem contains "Limo"

You can then use our new functionality to import flat files into ThreatIntelligence and reuse the continually stale indicators.

New Blog Post | Microsoft Sentinel this Week – Issue #76

Microsoft Sentinel this Week – Issue #76 - Azure Cloud & AI Domain Blog (azurecloudai.blog)

Many of you are already familiar with the Microsoft Security Insights show that is hosted each Wednesday evening. For those not familiar, the hour-long dialog show introduces guests from various areas within Microsoft and some of our partners. It delivers live starting at 5pm EST every Wednesday. For those that miss the live event and miss asking live questions, the replay is available immediately after and the audio is delivered as a podcast the week after. As an example, the next episode (117) is on August 31st, and features Kara Cole (CxE Program Manager) and Kim Griffiths (Program Manager for CxE and CAT). You can subscribe to the YouTube channel or set a notification to be reminded here: https://youtu.be/zkxgKQPUqsg

This one will be extra interesting as a recent guest, Gary Bushey, will be guest hosting. Kara is Gary’s manager. Imagine trying to interview your own boss on a podcast.

We’ve recently changed our streaming platform to deliver to more people at once and begun to delve deeper into other engagement areas. This is in preparation for a Microsoft Security Insights conference we’re planning in February 2023. More to come on that and, if this interests you, you can keep tabs on the updates in our just christened LinkedIn page: https://www.linkedin.com/company/microsoft-security-insights-show/

New Blog Post | Microsoft Sentinel this Week - Issue #62

Microsoft Sentinel this Week - Issue #62 | Revue (getrevue.co)

Happy Friday all! Welcome to the 62nd issue of our fine Microsoft Sentinel newsletter. There’s lots of great content this week (as usual, some would say) and only a couple of additional things to highlight.

…

First off, of all places, I’m driving to Ft. Wayne, Indiana on Saturday. I’ll be driving 3 hours to make my session time for BSides Security Ft. Wayne. This is an annual security conference held at Sweetwater Sound. If you’re not familiar, Sweetwater is one of the largest music equipment distributors in the US. I’ve never been there before, but my youngest son (the drummer in the band, Urbania) loves the place and visits a couple of times a year. So, I’m really looking forward to talking about SOC Efficiency with this group. Wish me luck! And if you happen to be attending this thing, let me know. Due to the 3-hour drive each way, I probably won’t be hanging around for too long after I deliver my session. And even if you can’t join in person, you can join virtually:
Live Chat: https://lnkd.in/gmUUxwMg
Live Stream: https://lnkd.in/g9M5rbfi

…

We have a YAMS (Yet Another Microsoft Survey) this week. Help us help you!

Feedback for Microsoft Sentinel Tutorials
The Microsoft Sentinel engineering team is looking to improve and increase the list of Microsoft Sentinel tutorials that you can find at https://docs.microsoft.com/azure/sentinel/, under the section Tutorials (see picture in the first question). The tutorials are created to help customers who are either at the initial steps of their Microsoft Sentinel deployments, or expanding them, and who are looking for guidance on securing their most important scenarios. Respond here: https://cda.ms/4jM

…

Before leaving you to the newsletter content, I have one more big note. The Must Learn KQL learning series is an unequivocal success, but more needs to be done. I outline in a recent post the number of completion certificates I’ve handed out already and, while that number is wonderful, more people need to get the message of how important learning KQL really is. So, the Must Learn KQL book is now available on Amazon!
Kindle version: https://amzn.to/3MyMOOS
Paperback: https://amzn.to/3sN8ajE
Hardcover: https://amzn.to/3yOAFRS
This gives it a much wider audience and, like everything that’s part of this learning series, any and all profit goes directly to St. Jude Children’s Research Hospital.

I owned and sold an eBook publishing company (NetImpress) way back in 2004-2005, before even Amazon had concocted its own eBook production methods. It was revolutionary at the time and most of what our company did had to be invented. And, while many of the same things I learned through NetImpress are still valid and useful today, there are many aspects that have changed or just didn’t exist. Developing and delivering the Must Learn KQL series has been a pioneering experience on all the nuances of producing a learning series in this manner, and I suspect others will take notice and begin duplicating my efforts. There are some other things to tweak, but I do know that I’ll be doing it again with another series in the very near future. Stay tuned.

…

That’s it for now. Have a wonderful weekend and week ahead. Talk soon. -Rod

Original Post: New Blog Post | Microsoft Sentinel this Week - Issue #62 - Microsoft Tech Community

Unified Security Operation Sentinel Vs Defender Tables

I have a question regarding the Unified SOC portal. In the session below, they highlighted one advantage: the ability to use Defender and Sentinel Tables together. However, both the SignInLogs and DeviceLogonEvents tables are already accessible in Sentinel through the Defender connector. Am I missing something, or did they use an incorrect example to demonstrate an advantage that Sentinel already provides?
Unified Security Operations Platform GA launch and exclusive demo