infernux

Microsoft Sentinel Data Lake - FAQ

Answering some common questions people might have

Posted on July 29, 2025

Data lake is here, rejoice. It also brings up a bunch of questions, like do I still need Microsoft Sentinel? Yes. Is this just auxiliary logging done well without a lot of complications, like not being able to use the “new” Azure Monitoring Agent and instead having to lean on... [Read More]

Tags: Microsoft Sentinel, Defender XDR, Graph API, Azure Lighthouse, Custom Detection Rules

How to not mess up your Microsoft Sentinel deployment

Looking beyond just the technical details

Posted on July 20, 2025

I recently did a presentation with the same title as this post and figured it would be a good idea to also type out some of the points made there, as I think it’s valuable. I’ve split it up into three sections (don’t worry, it won’t be three parts) that... [Read More]

Tags: Microsoft Sentinel, Defender XDR, Graph API, Azure Lighthouse, Custom Detection Rules

Defender XDR - Custom Detection Rules Push/Pull via API

A little primer to pushing and pulling new content via the graph beta API

Posted on June 1, 2025

Jumping straight into this one, custom detection rules are similar to analytic rules in Microsoft Sentinel, but allow us a limited option of response actions instead of automation rules and playbooks currently. [Read More]

Tags: Defender XDR, Graph API, Custom Detection Rules

Azure Spring Clean - Maestering Azure Tenant Security

A look into how we can utilize Maester to secure our Azure Tenant with a sprinkle of AI on top

Posted on February 28, 2025

Welcome back! This time, I’m writing a contribution to the Azure Spring Clean running in March 2025. It’s a community effort, so very happy to contribute. Please visit Azure Spring Clean for more content from the community! [Read More]

Tags: Cyber Security, Entra ID, Maester, Azure, Microsoft 365

Workspace Transformation Rules in Practice

This post will show you two very useful workspace transformation rules that you can use to save money on your data ingestion in Microsoft Sentinel.

Posted on February 24, 2025

Workspace transformation rules are defined in data collection rules and use kusto query language (KQL) in order to transform data in the cloud pipeline, before ingestion into Microsoft Sentinel. [Read More]

Tags: Cyber Security, Microsoft Sentinel, Azure, Log Analytics, Workspace Transformation Rules, Data Collection Rules

security automation blog