Create a rule from a Microsoft Sentinel solution’s rule template

UPDATE After playing around with the code a bit and testing some more, I found out an interesting aspect of the data being returned from the PowerShell call that will make the code much simpler. Instead of accessing “displayName” by using You can access it directly using This will also work with arrays so there […]

Determine KQL queries that reference CommonSecurityLog

Introduction If you have not heard, there are changes coming to Microsoft Sentinel’s CommonSecurityLog table. This is the table that stores information received from CEF ingestion. To read about the changes, go to Upcoming changes to the CommonSecurityLog table – Microsoft Community Hub This blog post is about a PowerShell script that I wrote which […]