
Managed Sentinel Blog

Gain insight into the latest trends and tricks with Microsoft Azure Sentinel. As a recognized leader in consulting and implementation, Managed Sentinel offers a unique perspective on the current state, and future, of this SIEM tool.

Mar 28, 2021

Monitoring the publication of new Azure Sentinel alert rule templates

Anyone familiar with Azure Sentinel knows that one can open the portal one day and find 20 new additional data connectors and 50 new alert rule templates along with additional goodies such as hunting queries, parsers, workbooks and sometimes whole new major add-ons such as UEBA. Unless one meticulously checks the rules on regular basis […]

Mar 26, 2021

Azure Sentinel Design Update

Azure Sentinel, the born-in-the-cloud SIEM, was released in preview mode in February 2019 and reached full general availability in September 2019; since then it has advanced in leaps and bounds, doubling the number of data connectors, improving visualizations and incident management, and building a rich ecosystem of options for SOAR and data enrichment. Combined with a tight […]

Mar 15, 2021

Log Ingestion Lag in Cloud-Based SIEMs

Lag in log ingestion is a topic that comes up now and then in our Azure Sentinel design discussions with our customers. We have even had concerns raised about the speed of light being a constraint for certain critical log sources. These would be valid for security controls designed to protect strategic infrastructure, but one has to […]

Feb 20, 2021

Using KQL to Ingest External Data In Azure Sentinel

One of the most sought-after features of a modern SIEM is the ability to read data from various Internet-based sources and use it to enrich the analysis of the raw logs. Such resources come in various "packages": they could be freely downloadable files or they may require authentication tokens or paid subscriptions; some are CSV, […]

Feb 12, 2021

Microsoft Security Stack Coverage

Microsoft Graph Security – High-Definition PDF – High-Definition Vector Graphics. Contact us for a full walk-through of this diagram and a review of Microsoft Graph Security integration with the overall Microsoft security stack.

Feb 8, 2021

Azure Security Center Design

This post is a second iteration on Azure Security Center (ASC), part of our effort to provide one-page diagrams for Microsoft's M365/Defender (aka XDR) components. In our first post on ASC, we mentioned that one of the most common questions we receive about Azure Sentinel concerns its functionality compared with Azure Security […]

Feb 2, 2021

Microsoft Security Products vs. Other Cloud Security Products

In recent years, Microsoft has emerged as a market leader across a wide range of security areas, with a strong focus on hybrid infrastructure. In the diagram below, we attempt to map each of the Microsoft security products to the products of other vendors that have a significant market presence. Some of them are […]

Nov 29, 2020

Using KQL to Estimate Log Ingestion Volume In Azure Sentinel

The Azure Sentinel pricing model is driven by the amount of data ingested for security analytics and stored in the related Log Analytics workspace. Given the cost of cloud resources, it is important to be able to estimate future log storage consumption and consider any budget-related implications. Basing the analysis on past data, […]

Nov 22, 2020

Microsoft Graph Security Components & API

The Security component of Microsoft Graph was born as a way to represent threat intelligence information in a form closer to the way attackers approach their targets: as a graph of interconnected systems, with complex relationships between themselves and third-party entities. Inside the graph, Microsoft is using its substantial analytical power […]

Nov 8, 2020

Microsoft 365 Defender for Endpoints

Formerly known as Defender ATP, Microsoft Defender for Endpoints is now a critical component of the Microsoft XDR line of security controls. Defender for Endpoints is starting to move past its newly found fame as the "new kid on the block", with a meteoric rise in Gartner's Magic Quadrant for endpoint protection. It is now becoming […]

Nov 3, 2020

Using Kusto Query Language (KQL) in Azure Sentinel to calculate IIS session times

User sessions are an important aspect of identifying the behavior of web users. In many cases a lot of effort goes into ensuring that a user spends as much time as possible visiting a website, as it increases the chance of the user consuming the services offered by that particular website, be that advertising material, sales, etc. Onboarding […]

Oct 22, 2020

Extended Microsoft MDR Service Components

Understanding the components of an extended Microsoft MDR service, by Adrian Grigorof, CISSP, CISM, CRISC, CCSK, and Marius Mocanu, CISSP, CISM, CEH, SCF. October 22, 2020. During our engagements with customers we are always in a situation where we have to explain the differences between various flavors of MDR services and sometimes even the difference […]
