New and Improved Microsoft Sentinel documentation program

Introduction Wow! Just realized it has been half a year since I have posted anything new. Sorry about that. Well, this one is worth it. A brand-new update to the Export-AzSentinelConfigurationToWord.ps1 program that I wrote a long, long time ago. It uses PowerShell to display a nice GUI so that you can easily enter the […]

How to get a single row from a Microsoft Sentinel watchlist quickly

Introduction 19 Jan 2024 UPDATE: I have posted this same information (not quite as detailed) in the Microsoft Sentinel blog at Querying Watchlists – Microsoft Community Hub; however, it does have a section on “bag_unpack” and the best way to use it. As I am sure you already know, you can get the entries from […]

Programming book Version 1.0 finally ready!

I have finally finished the first version of my “Programming Microsoft Sentinel using REST APIs” EBook, and it is ready to go. You can download it from: garybushey/ProgrammingMicrosoftSentinel: Programming Microsoft Sentinel book (github.com) Let me know what you think. Can you easily follow it? Are the examples (both in the descriptions and use cases) useful and easy […]

A tale of two … Analytic Rule template APIs

You may have noticed that when you go into your Microsoft Sentinel Analytic rule templates area, you will see a banner like the one shown below: What does this mean? Basically, Microsoft Sentinel is not going to deploy all the Analytic rule templates (as well as Workbook templates, hunting queries, and data connectors) when a […]

Create multiple Microsoft Sentinel rules from rule templates – The Next Generation

Introduction Just over three years ago I wrote a blog post and code about how to create multiple rules from Microsoft Sentinel analytic rule templates. A lot has changed in those three years. Not only have new features been added to Microsoft Sentinel, but I have learned better ways to work with PowerShell. With all […]