Category: Microsoft Sentinel
Now when you open Defender portal (https://security.microsoft.com) you will see the above displayed, this feature is now in Public preview and let’s how the process works. Defender XDR and Sentinel: Working Together This table summarizes the key functionalities and considerations…
Create custom hunting queries Like stated in the last part, all Gallery content has been Centralized to Content hub. You will see the following notification under Custom hunting rules. https://learn.microsoft.com/en-us/azure/sentinel/sentinel-content-centralize If you need inspiration based on MITRE Framework for your…
Activate and customize Microsoft Sentinel workbook templates When we are talking about templates, it’s important to see the following information, you will see this inside your Sentinel workspace. Once you Click on Continue, it will start the migration and show…
Triage incidents in Microsoft Sentinel What is Triaging? The SOC’s initial level is triaging. Triaging incoming security situations and assessing their seriousness are the responsibilities of Tier 1 employees. This entails figuring out the incident’s origin, estimating its size, and…
13th section starting and this time were are learning on automation, alerts and remediation. Configure automation rules By centrally managing automation rules for event management, users may streamline complicated incident orchestration procedures. Automation rules are triggered by the creation of…
12th section starting with more Sentinel. This time we are classifying Entities, creating custom log in Log Analytics and parsing the content. So let’s do some designs and configurations. Classify and analyze data by using entities You can do the…
11th section starting with more and more Sentinel. Already in this series we saw that how the different pieces are connected and helping you SOC teams to proactively work on threats. So let’s do some designs and configurations. Design and…
And in this 10th section on my SC-200 study guide we will go through the following topics. Identify data sources to be ingested for Microsoft Sentinel On August 31, 2024, the Log Analytics agent is deprecated. You should begin preparing…
Well, finally it’s time for a new part to my study series for Microsoft Security certifications. I have published guides for SC-100 and SC-300 and now it’s times for the “little” ‘sis between. Hopefully you will find this helpful, giving…
If you want to learn more on from your email security, you could use this template to get and holistic view of what’s going on inside your environment. See here the announcement of the report. Why it matters? You have…
RSS - Posts