Another blog to help expand Security Knowledge
I am going to start blogging about different topics than just Microsoft Sentinel. As you probably know, Microsoft Sentinel can (and should) be integrated with the Defender portal (security.microsoft.com), aka unified portal, so I will be expanding my focus a bit. Don’t worry, I still love Microsoft Sentinel. There will still be some general security […]
Introduction In my last post, I talked about how to get a single (or a few) entries from a Microsoft Sentinel watchlist. I introduced the fact that watchlists are stored in the “Watchlist” table. We can use this to perform cross workspace queries. _GetWatchlist Again, in my last blog post, I talked about the “_GetWatchlist” […]
Introduction 19 Jan 2024 UPDATE: I have posted this same information (not quite as detailed) in the Microsoft Sentinel blog at Querying Watchlists – Microsoft Community Hub however, it does have a section on “bag_unpack” and the best way to use it. As I am sure you already know, you can get the entries from […]
I have finally finished the first version of my “Programming Microsoft Sentinel using REST APIs” EBook is ready to go. You can download it from: garybushey/ProgrammingMicrosoftSentinel: Programming Microsoft Sentinel book (github.com) Let me know what you think. Can you easily follow it? Are the examples (both in the descriptions and use cases) useful and easy […]
Introduction I am working on a book on how to use the Microsoft Sentinel REST APIs to perform your tasks. Rather than dealing with the hassle of a publisher, I am following in Rod Trent’s footsteps and writing it as a word document which will be released as a PDF. Time (and interest) permitting, I […]
Introduction I have been asked numerous times if there was an easy way to document your Microsoft Sentinel configuration (most recently just last week). I didn’t know of any programs that did this, so I wrote my own. It was something that I had wanted to do for quite some time, but only recently was […]
Introduction UPDATE: Modified the code to show Required Data Connectors information and the workbook to use this information. With Microsoft Sentinel moving everything into the Content Hub it may be hard to find the solution you need. You can currently search in the Content Hub, but it will only search the Title and description for […]
Introduction As I stated in my last post, Microsoft Sentinel is changing the way that templates are created in a new instance of Microsoft Sentinel. You can read the post here: A tale of two … Analytic Rule template APIs – Yet Another Security Blog (garybushey.com) to get more information on it. In that post, […]
You may have noticed that when you go into your Microsoft Sentinel Analytic rule templates area, you will see a banner like the one shown below: What does this mean? Basically, Microsoft Sentinel is not going to deploy all the Analytic rule templates (as well as Workbook templates, hunting queries, and data connectors) when a […]
Introduction While all my previous posts regarding calling Microsoft Sentinel REST APIs have been done in PowerShell, that is definitely not the only way to call them. PowerShell is a great language and has its place but so does JavaScript and C# (which will be a blog post in the near future). We will utilize […]
