Another blog to help expand Security Knowledge
I find that I really don’t have as much time to generate new, detailed blog posts anymore. Combine that with the rising cost of hosting this site, I have decided to close it down. It will be open until the middle of February and then everything will be gone. I hope you have found at […]
Update: The Kindle version is finally available on Amazon. If I knew it would have taken 3 days to get it published I would have waited on posting this. You can find it here: Amazon.com: Using Microsoft Sentinel in the Microsoft Defender portal eBook : Bushey, Gary: Kindle Store I did also submit a printed […]
UPDATE: It appears that Microsoft has removed this from Workbooks, at least for the time being. It may be that it is not ready for release yet or it could be that it was re-enabled by accident. Hopefully it will show up again since I can see this being quite useful. Overview While working on […]
Introduction Wow! Just realized it has been half a year since I have posted anything new. Sorry about that. Well, this one is worth it. A brand-new update to the Export-AzSentinelConfigurationToWord.ps1 program that I wrote a long, long time ago. It uses PowerShell to display a nice GUI so that you can easily enter the […]
Introduction In my last blog post I compared using Microsoft Graph with the Microsoft Sentinel REST APIs. If you have your Microsoft Sentinel hooked up with Microsoft Defender, I recommend using the Microsoft Graph as much as possible. It appears that Microsoft will be pushing more and more to the Graph, so it makes sense […]
If you work as a developer or in operations, you most likely have heard about DevOps. If not, I suggest reading “The Phoenix Project“. It is a great book that tells a story about a company working their way to a DevOps mindset. While I love that book (I have read it 2x and listened […]
Introduction This is a program I have been wanting to write for quite some time. It is the number 1 most requested feature from the community at large for Microsoft Sentinel, although I cannot find the URL right now. I have spoken with the development team and, at least at the time I spoke with […]
I am going to start blogging about different topics than just Microsoft Sentinel. As you probably know, Microsoft Sentinel can (and should) be integrated with the Defender portal (security.microsoft.com), aka unified portal, so I will be expanding my focus a bit. Don’t worry, I still love Microsoft Sentinel. There will still be some general security […]
Introduction 19 Jan 2024 UPDATE: I have posted this same information (not quite as detailed) in the Microsoft Sentinel blog at Querying Watchlists – Microsoft Community Hub however, it does have a section on “bag_unpack” and the best way to use it. As I am sure you already know, you can get the entries from […]
I have finally finished the first version of my “Programming Microsoft Sentinel using REST APIs” EBook is ready to go. You can download it from: garybushey/ProgrammingMicrosoftSentinel: Programming Microsoft Sentinel book (github.com) Let me know what you think. Can you easily follow it? Are the examples (both in the descriptions and use cases) useful and easy […]
