Using PowerShell & C# with Jupyter Notebooks

Introduction As you probably already know, Jupyter notebooks allow for much great threat hunting than you can get using the OOTB Azure Sentinel Threat Hunting queries, especially when you consider that you can run the Azure Sentinel KQL queries from a Jupyter notebook. Most of the articles written about Azure Sentinel and Jupyter notebooks use […]

Nice shortcut in KQL to get JSON data in a dynamic column.

While looking at the SigninLogs table in Azure Sentinel I noticed there are a lot of dynamic fields that hold JSON data. I was trying to use parse_json to get to the data but it was always returning empty fields. I then realized that parse_json requires a string input, not a dynamic. After some messing […]

Ingesting Azure Sentinel Incident information into Log Analytics Part III – Using the data

Introduction In Ingesting Azure Sentinel Incident information into Log Analytics, I showed you how to create a Log Analytics workflow to ingest Azure Sentinel Incidents into a Log Analytics workspace. In Ingesting Azure Sentinel Incident information into Log Analytics Part II, I fixed some of the issues I ran into while using the instructions from […]

Ingesting Azure Sentinel Incident information into Log Analytics Part II

Introduction This is a continuation of the post Ingesting Azure Sentinel Incident information into Log Analytics. There are a few things that I want to clarify/rectify in it. I was working on the output from my last post to make a useful workbook from it and noticed a few things. Misspelling I misspelled “severity” when […]

Ingesting Azure Sentinel Incident information into Log Analytics

Introduction Second Edit: Look at the entry Ingesting Azure Sentinel Incident information into Log Analytics Part II for more updates Edit: I forgot to add the image for the Compose section. Also, there is a typo in it. I have serverity when it should be severity (or whatever else you want to call it). If […]

My book has been released!!!!

I am happy to announce that my (and my co-author’s) book has, finally, been released. Learn Azure Sentinel is now available directly from the Packt site listed here: https://www.packtpub.com/security/learn-azure-sentinel It should be shipping from Amazon soon. Of course, with the world-side lockdown the actual shipping date may vary. I would suggest buying it directly from […]