Another blog to help expand Security Knowledge
Overview When accessing information using KQL, sometimes you have a column that contains sub-columns that you want to access. There are a couple of different ways to obtain this information and I will show you two ways in this blog post. The first way will be to extract each column individually. While this works and, […]
Overview Back in the first post in this series, I mentioned that you can easily change how far back you can look to get information in your queries. This post will talk about PowerBI parameters that we will use to do this. Create a parameter Parameters are very easy to create. In left hand navigation […]
Overview This blog post will be slightly different than the ones I typically do as it is not technology driven. Rather this one will focus on describing a way of talking about security programs and the team that uses them. Security as a Car I was playing Forza Horizon 5 (very fun driving game) and […]
Overview So far in this series (if 3 posts can be considered a series), we have ingested data into PowerBI and created a basic report. We looked at some of the pitfalls that may happen when creating a table view. In this post, we will look at the tables themselves and how we can expand […]
Overview In the last blog post, Recreating a MS workbook in PowerBI: Part 1 – Get the data – Yet Another Security Blog (garybushey.com), we looked at how to get data from Microsoft Sentinel into PowerBI. In this blog post, we are going to create the basic report that mimics the Microsoft Sentinel Security Operations […]
Overview In one of my last posts, I talked about the differences between Microsoft Sentinel workbooks and PowerBI. In this post, the first of however many I decide to write, we will look at converting the Security Operations Efficiency workbook into PowerBI. Why this workbook? There are a few reasons. It has different steps in […]
Introduction I’m sure anyone who has using Microsoft Sentinel for any length of time has used the workbooks feature. While this is technically an Azure Monitor feature, we use them with Microsoft Sentinel as well. They are great but may not work for everyone. Another choice is Microsoft’s PowerBI reporting tool. This blog post will […]
Introduction How many of you have come across a customer that says something along the lines of “We have this great program that we want you to interact with, but it has no API to access”. Maybe it is old, or maybe it was written in-house and adding an API was not considered a requirement. […]
Introduction Update: Microsoft Sentinel now has the ability to trigger a playbook when an incident has been updated so this blog post is obsolete! If you are like me, you feel that one of the holes in Microsoft Sentinel is knowing when something changes. I am hoping that this changes soon (pun intended). In the […]
If you have read either version of my book, I sent you to a URL that uses the Azure Data Explorer to play around with the KQL queries. Rod Trent just posted a blog at Create and Maintain Your Own KQL Demo Environment with the New Start-for-free Cluster – Azure Cloud & AI Domain Blog […]