Creating smart Data Collection Rules by parsing EventIDs from Analytic Rules
Data Collection Rules allow us to create custom filters based on XPath queries. If we build these filters from the active Analytic Rules, we can create DCRs that only ingest the events we actually have detections for.
Azure Lighthouse 101
What is Azure Lighthouse, what does it do and how does it do it?
Templating Microsoft Sentinel Analytic Rules using PowerShell and CI/CD pipelines
Using the Microsoft Sentinel API and PowerShell we can download all the components we want and template them for deployment. This allows you to create Analytic Rules in the Azure Portal and deploy them to multiple customers using CI/CD pipelines.
Adding a Key Vault to your Microsoft Sentinel Data Connector ARM template
A subset of Data Connectors for Sentinel come in the form of Azure Functions deployed using an ARM template. Most, if not all, of these functions avoid actually implementing a Key Vault to secure your variables, so here are the snippets to implement it yourself.