Recent Posts
The first section of this Study guide is going to cover Information types and trainable classifiers but maybe first introducing the different trials that you can use to try them out, if you don’t have real licenses available. You can…
Previously I did Study guides for SC-300, AZ-500, SC-100 and SC-200. So now it’s the turn for the Compliance part under the Security umbrella. See here for the previous Study guides. And if you want to have 1to1 mentoring sessions,…
Create custom hunting queries Like stated in the last part, all Gallery content has been Centralized to Content hub. You will see the following notification under Custom hunting rules. https://learn.microsoft.com/en-us/azure/sentinel/sentinel-content-centralize If you need inspiration based on MITRE Framework for your…
Licensing Advanced Identity governance has now a new license set and you can acquire it as a addon called Step Up. Some older functionalities still live inside P1 and P2 licensing models. Here the list of feature available only from…
Activate and customize Microsoft Sentinel workbook templates When we are talking about templates, it’s important to see the following information, you will see this inside your Sentinel workspace. Once you Click on Continue, it will start the migration and show…
In this post I will cover two different providers for SSE and in my opinion these are the top notch ones. Let’s me explain why and then you disagree or agree, just giving my opinion. But first let’s see what…
When it was still in Public preview, I wrote this post on it. Templates available So, let’s see what has changed. These are the templates that are currently available, no change here. The process of Exporting You can download policies…
Triage incidents in Microsoft Sentinel What is Triaging? The SOC’s initial level is triaging. Triaging incoming security situations and assessing their seriousness are the responsibilities of Tier 1 employees. This entails figuring out the incident’s origin, estimating its size, and…
13th section starting and this time were are learning on automation, alerts and remediation. Configure automation rules By centrally managing automation rules for event management, users may streamline complicated incident orchestration procedures. Automation rules are triggered by the creation of…
Why to? For now policy settings can be moved at your own pace but the procedure is completely reversible. While you specifically specify authentication methods for users and groups in the Authentication methods policy, you can continue to employ tenant-wide…
RSS - Posts