Another blog to help expand Security Knowledge
Introduction In my last blog post I compared using Microsoft Graph with the Microsoft Sentinel REST APIs. If you have your Microsoft Sentinel hooked up with Microsoft Defender, I recommend using the Microsoft Graph as much as possible. It appears that Microsoft will be pushing more and more to the Graph, so it makes sense […]
If you work as a developer or in operations, you most likely have heard about DevOps. If not, I suggest reading “The Phoenix Project“. It is a great book that tells a story about a company working their way to a DevOps mindset. While I love that book (I have read it 2x and listened […]
Introduction This is a program I have been wanting to write for quite some time. It is the number 1 most requested feature from the community at large for Microsoft Sentinel, although I cannot find the URL right now. I have spoken with the development team and, at least at the time I spoke with […]
I am going to start blogging about different topics than just Microsoft Sentinel. As you probably know, Microsoft Sentinel can (and should) be integrated with the Defender portal (security.microsoft.com), aka unified portal, so I will be expanding my focus a bit. Don’t worry, I still love Microsoft Sentinel. There will still be some general security […]
Introduction 19 Jan 2024 UPDATE: I have posted this same information (not quite as detailed) in the Microsoft Sentinel blog at Querying Watchlists – Microsoft Community Hub however, it does have a section on “bag_unpack” and the best way to use it. As I am sure you already know, you can get the entries from […]
I have finally finished the first version of my “Programming Microsoft Sentinel using REST APIs” EBook is ready to go. You can download it from: garybushey/ProgrammingMicrosoftSentinel: Programming Microsoft Sentinel book (github.com) Let me know what you think. Can you easily follow it? Are the examples (both in the descriptions and use cases) useful and easy […]
Introduction I am working on a book on how to use the Microsoft Sentinel REST APIs to perform your tasks. Rather than dealing with the hassle of a publisher, I am following in Rod Trent’s footsteps and writing it as a word document which will be released as a PDF. Time (and interest) permitting, I […]
You may have noticed that when you go into your Microsoft Sentinel Analytic rule templates area, you will see a banner like the one shown below: What does this mean? Basically, Microsoft Sentinel is not going to deploy all the Analytic rule templates (as well as Workbook templates, hunting queries, and data connectors) when a […]
Introduction Just over three years ago I wrote a blog post and code about how to create multiple rules from Microsoft Sentinel analytic rule template. A lot has changed in that three years. Not only have new features been added to Microsoft Sentinel, but I have learned better ways to work with PowerShell. With all […]
Introduction I have heard from many people that they would like to be able to see which rules need to be updated. There is currently no easy way to do this in the Microsoft Sentinel portal. You can go through each page and see which ones have the “Update Available” tag in the name, but […]
