A collated list of the most useful documented reference material on all things Azure. Azure Sentinel ☁️ Deploy Sentinel as Code using the Repositories feature in Azure Sentinel. ☁️ Deploying Sentinel as code (the old way :D) & https://github.com/javiersoriano/sentinelascode ☁️… Continue Reading
Azure comes with a few different Azure Sentinel agents for data ingestion to Azure log analytics. The agents are built for Windows and Linux OS devices and can be installed in any cloud and on-premise environment. Microsoft Monitoring Agent (MMA)… Continue Reading
Overview Azure Sentinel Threat Hunting allows Security professionals to proactively identify potential threats that have gone unnoticed through analytics rules. Sentinel provides this ability in a tab in the Azure portal called ‘hunting’. These queries are built using the KQL… Continue Reading
Overview The Azure Sentinel SIEM allows Security Operations team to detect active threats on the network by creating analytics rules (alerting rules). These rules can be deployed using the Azure Portal or alternatively can be deployed through the Sentinel API… Continue Reading
The Azure Sentinel SIEM built by Microsoft comes with inbuilt ‘data connectors’ to assist you with speeding up the process for log ingestion/onboarding. As of the date of writing this there are currently 63 data connectors supported ‘out of the… Continue Reading
Microsoft Azure Sentinel is a cloud-native SIEM solution built by Microsoft in the Azure cloud. It allows Security professionals to detect, hunt, investigate and respond to threats. Security information and event management (SIEM) technology supports threat detection, compliance and security… Continue Reading
