Another blog to help expand Security Knowledge
Introduction So far in this series, we have looked at the Rule templates. Now we will look at the Analytics rules that we are currently using. Listing all the Analytic Rules Much like looking at the Analytic rule templates, we can make a REST call to look at all the rules we are using. The […]
Introduction In the previous post I showed you how to get a listing of all your Incidents (AKA cases) from Azure Sentinel. I will come back to those in just a little bit. But for now I want to talk about how those Incidents get generated. As I am sure you know, Incidents are usually […]
Introduction In this post, we will get ready to use the Azure Sentinel REST APIs. We will discuss getting PowerShell setup, what needs to be done before you can call the REST APIs and then we will make a sample call. First and foremost, we will be using the new PowerShell core. It is the […]
Microsoft has stated that they will be releasing the official version of the AzureSentinel APIs “soon”. While they may not be official, the APIsare publishing on GitHub and, as far as I can tell, seem to be workingperfectly well. This post will introduce you to the APIs and how to usethem using PowerShell. Why […]