Recreating a MS workbook in PowerBI: Part 1 – Get the data

Overview In one of my last posts, I talked about the differences between Microsoft Sentinel workbooks and PowerBI. In this post, the first of however many I decide to write, we will look at converting the Security Operations Efficiency workbook into PowerBI. Why this workbook? There are a few reasons. It has different steps in […]

Microsoft Sentinel workbooks versus PowerBI

Introduction I’m sure anyone who has using Microsoft Sentinel for any length of time has used the workbooks feature. While this is technically an Azure Monitor feature, we use them with Microsoft Sentinel as well. They are great but may not work for everyone. Another choice is Microsoft’s PowerBI reporting tool. This blog post will […]

Accessing the “unaccessible” services using robots (kind of)

Introduction How many of you have come across a customer that says something along the lines of “We have this great program that we want you to interact with, but it has no API to access”. Maybe it is old, or maybe it was written in-house and adding an API was not considered a requirement. […]

Determining when a Microsoft Sentinel incident’s owner has changed

Introduction Update: Microsoft Sentinel now has the ability to trigger a playbook when an incident has been updated so this blog post is obsolete! If you are like me, you feel that one of the holes in Microsoft Sentinel is knowing when something changes. I am hoping that this changes soon (pun intended). In the […]

See MS Sentinel workbooks when logging into the portal

Introduction For most people using Microsoft Sentinel, you would login the Azure portal, go to the Sentinel page (and maybe select the required instance), go to workbooks, and select the workbook you want to see. That is great, but what if you are a CISO and you don’t want to have to go through all […]