Oct 4, 2024
Sentinel Phantom Fields: Understanding and Managing Inaccessible Data
Microsoft has transitioned to a DCR-based log ingestion and manual schema management for tables. Many organizations are adopting this modern approach to parse, filter, and enrich logs during ingestion. While effective, this system can incur unnecessary expenses if not used properly, leading to billable fields that remain inaccessible when querying events. We refer to these […]
Read More May 23, 2024
Microsoft Copilot for Security Design
We’re excited to continue our series of succinct visual guides with the release of our one-page diagram for Microsoft’s Copilot for Security – poised to revolutionize how Security Operations Center (SOC) analysts handle and analyze security events. With the ability to interpret complex, interrelated security events, generate sharp KQL scripts, integrate enrichments from both Microsoft […]
Read More Mar 13, 2024
Defender for Cloud and Defender XDR Connectors in Sentinel
Over the past few weeks, Microsoft Defender for Cloud has received multiple updates. Microsoft has introduced a new tenant-level Defender for Cloud connector, replacing the old subscription-level one. Additionally, they have implemented a new functionality, allowing detections from Defender for Cloud to be integrated into Defender XDR, along with detections from other Defender solutions. There are […]
Read More Sep 18, 2023
From Noise to Action: Analyzing Activity Alerts and Preventing Genuine Threats with Defender for Cloud Apps
If you worked in a SOC, you know that during an analysis, correlating sessions to identify malicious activity or compromise is necessary, yet hard or impossible to perform, based on the available logs from activity-based alerts from Defender for Cloud Apps. In this blog post, we will go over the following topics: What are the […]
Read More Jul 13, 2021
Mapping of On-Premises Security Controls Versus Services Offered by Major Cloud Providers
We are happy to publish the fifth version of a diagram that started in March 2017, with just AWS and Azure versus On-Premises. The diagram began as an effort to make a translation between the typical on-premises security controls that everybody, more or less, knows what they do and the various services advertised by major […]
Read More Mar 26, 2021
Azure Sentinel Design Update
Azure Sentinel born-in-the-cloud SIEM was released in preview mode in February 2019 and in full general availability in September 2019, however, it has since advanced in bounds and leaps, doubling the number of data connectors, improving visualizations, incident management and building a rich ecosystem of options for SOAR and data enrichment. Combined with a tight […]
Read More Sep 28, 2020
Microsoft Security Stack Product Rebranding
Microsoft Security Stack Product Rebranding by Adrian Grigorof, CISSP, CISM, CRISC, CCSK , Marius Mocanu, CISSP, CISM, CEH, SCF Last update: September 28, 2020 On September 22nd, 2020, Microsoft announced a rebranding of their threat protection portfolio as well as an emphasis on its tools becoming a components of an extended detection and response (XDR) […]
Read More Sep 13, 2020
Azure Sentinel Design
Azure Sentinel born-in-the-cloud SIEM was released in preview mode in February 2019 and in full general availability in September 2019, however, it has since advanced in bounds and leaps, doubling the number of data connectors, improving visualizations, incident management and building a rich ecosystem of options for SOAR and data enrichment. Combined with a tight […]
Read More Aug 16, 2020
Azure Sentinel Data Connectors
On July 21, 2020 Microsoft announced a new set of Azure Sentinel data connectors for some important security solutions providers. This is great news for our Sentinel customers, as the ability to ingest logs from a wide variety of log sources is one of top requests, along with data optimization (how can I reduce my […]
Read More May 10, 2020
Azure Sentinel Incidents & KPI Dashboards
Since its release in preview mode in February 2019, Azure Sentinel has provided the Incidents blade in its portal as a platform to monitor and manage the situation when the configured use cases (alerts) are triggered. As the product evolved in bounds and leaps, the Incidents features has become more mature and now, combined with […]
Read More May 3, 2020
Microsoft Cloud App Security Design
Microsoft Cloud App Security (MCAS) has been rated as the number 1 leader CASB product in Gartner’s Magic Quadrant in 2019. As part of Microsoft’s cloud security stack, it provides full integration with other M365 security products, such as ATP, Security Center, Defender ATP and Azure Sentinel. It provides deep visibility and control of SaaS-related […]
Read More Mar 27, 2020
Azure Sentinel COVID-19 Alerts and IoCs
While the world is struggling to contain the devastating effects of the COVID-19 virus, there are an increasing number of malicious actors attempting to take advantage of it and attack organizations using the desire for information about this virus. At Managed Sentinel, we decided to create and maintain a list of IoCs (IP addresses, domains, […]
Read More