Another blog to help expand Security Knowledge
Introduction When you perform a query and look at a table, for instance Heartbeat, in Microsoft Sentinel, you will see that the datetime fields are stored as UTC time zone values. While there are exceptions to this rule, the TimeGenerated will always be stored using the UTC time zone. This can be both a blessing […]
Introduction I am sure you know that each Analytic rule in Microsoft Sentinel has a “Description field, and its contents get copied into the incident that this rule creates. I am sure you are also aware that some of the problems with newer security analysts are not knowing what steps to take to resolve an […]
Introduction Truth be told, I had this working a long time ago, it just took me way too long to figure out how to export the Logic Apps into working ARM templates! I am sure you know you can tag incidents after they are created. Wouldn’t it be great if you could do this automatically? […]
