A collated list of the most useful documented reference material on all things Azure.
Azure Sentinel
☁️ Deploy Sentinel as Code using the Repositories feature in Azure Sentinel.
☁️ Deploying Sentinel as code (the old way :D) & https://github.com/javiersoriano/sentinelascode
☁️ Terraform Sentinel as code
☁️ Example Kusto Queries
☁️ KQL quick reference
☁️ KQL string operators
☁️ Azure Sentinel GitHub repository – Contains everything from rules to workbooks to parsers etc.
☁️ Azure Active Directory Signin log error codes explained.
☁️ Azure Sentinel ATT&CK
☁️ Parsing Azure Firewalls logs in Sentinel
☁️ Azure Sentinel Entity Types
☁️ KQL – How to parse text
☁️ Azure Security logging and auditing
☁️ Microsoft Sentinel Training Lab
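As a worked illustration of the KQL string-operator and text-parsing material linked above (and of the Azure Firewall log parsing item), here is an added example that is not part of the original page or of any Microsoft repository. It builds a small constructed table in the shape of Azure Firewall `AzureDiagnostics` rows, so it runs in any Log Analytics query window without a connected firewall; the `msg_s` line format is an approximation of the real network-rule message and is an assumption of this example, not a documented schema.

```kusto
// Added example (not from the original page). The sample rows below are constructed
// to resemble AzureDiagnostics rows for Azure Firewall; the msg_s format is assumed.
let FirewallSample = datatable(TimeGenerated: datetime, Category: string, msg_s: string) [
    datetime(2022-01-23T10:00:00Z), "AzureFirewallNetworkRule",
        "TCP request from 10.0.0.4:49711 to 52.1.2.3:443. Action: Deny",
    datetime(2022-01-23T10:00:05Z), "AzureFirewallNetworkRule",
        "UDP request from 10.0.0.5:53000 to 8.8.8.8:53. Action: Allow",
    datetime(2022-01-23T10:00:09Z), "AzureFirewallNetworkRule",
        "TCP request from 10.0.0.4:49712 to 52.1.2.3:22. Action: Deny",
    datetime(2022-01-23T10:00:11Z), "AzureFirewallApplicationRule",
        "HTTPS request from 10.0.0.6:50001 to example.com:443. Action: Allow. Rule Collection: AllowWeb. Rule: web"
];
FirewallSample
// 'has' is the indexed, whole-term search; prefer it over 'contains' on large tables.
| where Category == "AzureFirewallNetworkRule" and msg_s has "Deny"
// 'parse' splits free text into typed columns; the last column captures the rest of the line.
| parse msg_s with Protocol " request from " SourceIp ":" SourcePort:int
                   " to " DestIp ":" DestPort:int ". Action: " Action
// '=~' is case-insensitive equality; '==' would miss "DENY" or "deny".
| where Action =~ "deny"
// Keep only denied flows to non-RFC1918 destinations, i.e. blocked egress attempts.
| where not(ipv4_is_private(DestIp))
| summarize DenyCount = count(),
            DestPorts = make_set(DestPort),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated)
          by SourceIp, DestIp, Protocol, bin(TimeGenerated, 1h)
| order by DenyCount desc
```

On the constructed rows this returns one row for 10.0.0.4 to 52.1.2.3 with `DenyCount` 2 and `DestPorts` [443, 22]; the application-rule row never reaches `parse` because the `Category` filter drops it first, which is the cheap filter to apply before any text parsing on a real workspace.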
Azure Permissions
☁️ Azure Active Directory RBAC Roles
Miscellaneous
☁️ Securing your Identity Infrastructure
☁️ Azure Diagnostic Logging
By Alex Wheelhouse
/ January 23, 2022