Shipping OpenTelemetry logs from coding agents to Microsoft Sentinel
A small, single-tenant OTel collector in Azure Container Apps that forwards telemetry from VS Code Copilot and Claude Code into Application Insights and Log Analytics.
The Usage table now exposes plan information, making it much easier to break down Microsoft Sentinel ingestion by Analytics, Basic, and Auxiliary with native KQL.
Quick notes on the new AADGraphActivityLogs table, sample data generation with AADInternals and ROADtools, and some starter queries.
A semi-practical guide to how presenting better helps you learn, whether you're on stage, in a meeting, or just trying to explain a technical idea clearly.
Microsoft Sentinel SIEM log source analyzer. Classifies tables, scores cost-vs-detection value, and generates recommendations.
Repository for publishing scripts related to Microsoft Sentinel.
Proof-of-concept PowerShell functions for sending threat intelligence from MISP to SentinelOne.
Simple tool to detect Azure Lighthouse delegations and automate persistence setup.
Rust tool for sending threat intelligence from MISP to Microsoft Sentinel.
Module for interacting with a MISP server using PowerShell.
Web app for building MISP warninglist filters quickly and safely.
PowerShell module for sending indicators of compromise to the Upload Indicators API (Microsoft Sentinel).
Collection of ARM and other templates for Microsoft Sentinel.