Another blog to help expand Security Knowledge
Overview While working on my new book about workbooks, I noticed that there is a new step type that is only available in the Defender portal called “repeater”. It is pretty interesting, so I thought I would talk about it a bit here. Not only can you add step(s) for each row, but you can […]
Introduction Wow! Just realized it has been half a year since I have posted anything new. Sorry about that. Well, this one is worth it. A brand-new update to the Export-AzSentinelConfigurationToWord.ps1 program that I wrote a long, long time ago. It uses PowerShell to display a nice GUI so that you can easily enter the […]
Introduction In my last blog post I compared using Microsoft Graph with the Microsoft Sentinel REST APIs. If you have your Microsoft Sentinel hooked up with Microsoft Defender, I recommend using the Microsoft Graph as much as possible. It appears that Microsoft will be pushing more and more to the Graph, so it makes sense […]
If you work as a developer or in operations, you most likely have heard about DevOps. If not, I suggest reading “The Phoenix Project“. It is a great book that tells a story about a company working their way to a DevOps mindset. While I love that book (I have read it 2x and listened […]
Introduction This is a program I have been wanting to write for quite some time. It is the number 1 most requested feature from the community at large for Microsoft Sentinel, although I cannot find the URL right now. I have spoken with the development team and, at least at the time I spoke with […]
I am going to start blogging about different topics than just Microsoft Sentinel. As you probably know, Microsoft Sentinel can (and should) be integrated with the Defender portal (security.microsoft.com), aka unified portal, so I will be expanding my focus a bit. Don’t worry, I still love Microsoft Sentinel. There will still be some general security […]
Introduction 19 Jan 2024 UPDATE: I have posted this same information (not quite as detailed) in the Microsoft Sentinel blog at Querying Watchlists – Microsoft Community Hub however, it does have a section on “bag_unpack” and the best way to use it. As I am sure you already know, you can get the entries from […]
I have finally finished the first version of my “Programming Microsoft Sentinel using REST APIs” EBook is ready to go. You can download it from: garybushey/ProgrammingMicrosoftSentinel: Programming Microsoft Sentinel book (github.com) Let me know what you think. Can you easily follow it? Are the examples (both in the descriptions and use cases) useful and easy […]
Introduction I am working on a book on how to use the Microsoft Sentinel REST APIs to perform your tasks. Rather than dealing with the hassle of a publisher, I am following in Rod Trent’s footsteps and writing it as a word document which will be released as a PDF. Time (and interest) permitting, I […]
You may have noticed that when you go into your Microsoft Sentinel Analytic rule templates area, you will see a banner like the one shown below: What does this mean? Basically, Microsoft Sentinel is not going to deploy all the Analytic rule templates (as well as Workbook templates, hunting queries, and data connectors) when a […]
