Another blog to help expand Security Knowledge
If you work as a developer or in operations, you most likely have heard about DevOps. If not, I suggest reading “The Phoenix Project“. It is a great book that tells a story about a company working their way to a DevOps mindset. While I love that book (I have read it 2x and listened […]
Introduction This is a program I have been wanting to write for quite some time. It is the number 1 most requested feature from the community at large for Microsoft Sentinel, although I cannot find the URL right now. I have spoken with the development team and, at least at the time I spoke with […]
I am going to start blogging about different topics than just Microsoft Sentinel. As you probably know, Microsoft Sentinel can (and should) be integrated with the Defender portal (security.microsoft.com), aka unified portal, so I will be expanding my focus a bit. Don’t worry, I still love Microsoft Sentinel. There will still be some general security […]
Introduction 19 Jan 2024 UPDATE: I have posted this same information (not quite as detailed) in the Microsoft Sentinel blog at Querying Watchlists – Microsoft Community Hub however, it does have a section on “bag_unpack” and the best way to use it. As I am sure you already know, you can get the entries from […]
I have finally finished the first version of my “Programming Microsoft Sentinel using REST APIs” EBook is ready to go. You can download it from: garybushey/ProgrammingMicrosoftSentinel: Programming Microsoft Sentinel book (github.com) Let me know what you think. Can you easily follow it? Are the examples (both in the descriptions and use cases) useful and easy […]
Introduction I am working on a book on how to use the Microsoft Sentinel REST APIs to perform your tasks. Rather than dealing with the hassle of a publisher, I am following in Rod Trent’s footsteps and writing it as a word document which will be released as a PDF. Time (and interest) permitting, I […]
You may have noticed that when you go into your Microsoft Sentinel Analytic rule templates area, you will see a banner like the one shown below: What does this mean? Basically, Microsoft Sentinel is not going to deploy all the Analytic rule templates (as well as Workbook templates, hunting queries, and data connectors) when a […]
Introduction Just over three years ago I wrote a blog post and code about how to create multiple rules from Microsoft Sentinel analytic rule template. A lot has changed in that three years. Not only have new features been added to Microsoft Sentinel, but I have learned better ways to work with PowerShell. With all […]
Introduction I have heard from many people that they would like to be able to see which rules need to be updated. There is currently no easy way to do this in the Microsoft Sentinel portal. You can go through each page and see which ones have the “Update Available” tag in the name, but […]
Introduction I recall reading a post where someone asked if there was a way to generate a word document when an incident was closed for reporting purposes. There is no built-in way, but by using a Playbook, a Team’s site (or other SharePoint site), and a Word template, you can do this. The Playbook, Word […]
