Microsoft Sentinel Archives - Practical 365 Practical Office 365 News, Tips, and Tutorials Sat, 10 Aug 2024 15:29:58 +0000 en-US

Practical Sentinel: Ingesting Networking Data in Microsoft Sentinel https://practical365.com/practical-sentinel-ingesting-networking-data-in-microsoft-sentinel/ https://practical365.com/practical-sentinel-ingesting-networking-data-in-microsoft-sentinel/#respond Tue, 13 Aug 2024 10:00:00 +0000 https://practical365.com/?p=61303 In this episode of Practical Sentinel, Thijs describes the different ingestion methods, how to choose the best method, and advises how to filter the ingested data.

The post Practical Sentinel: Ingesting Networking Data in Microsoft Sentinel appeared first on Practical 365.

Practical Sentinel: Adding Networking Data to Microsoft Sentinel https://practical365.com/adding-networking-data-to-microsoft-sentinel/ https://practical365.com/adding-networking-data-to-microsoft-sentinel/#respond Mon, 15 Jul 2024 10:00:00 +0000 https://practical365.com/?p=61167 Are you looking to ingest your data into Sentinel? In this episode of Practical Sentinel, we review use cases and tips for ingesting networking data into Sentinel.

Practical Sentinel: Auditing Multifactor Authentication with Sentinel https://practical365.com/practical-sentinel-auditing-multifactor-authentication-with-sentinel/ https://practical365.com/practical-sentinel-auditing-multifactor-authentication-with-sentinel/#respond Wed, 05 Jun 2024 10:00:00 +0000 https://practical365.com/?p=60948 In this episode of Practical Sentinel, Thijs Lecomte discusses how to create some basic KQL queries to track MFA usage.

Practical Sentinel: A Practical Look at the Unified SecOps Experience https://practical365.com/practical-sentinel-a-practical-look-at-the-unified-secops-experience/ https://practical365.com/practical-sentinel-a-practical-look-at-the-unified-secops-experience/#respond Tue, 21 May 2024 10:00:00 +0000 https://practical365.com/?p=60918 In this blog, we take a look at the Unified Security Operations Platform, review what is available right now, discuss what Microsoft is building, and ask whether you need this functionality.

Practical Sentinel: Setting the Scene https://practical365.com/practical-sentinel-setting-the-scene/ https://practical365.com/practical-sentinel-setting-the-scene/#respond Thu, 02 May 2024 10:00:00 +0000 https://practical365.com/?p=60840 Welcome to Practical Sentinel! In the introductory blog of this series, we review how Microsoft positions Sentinel, what capabilities the product includes, and what it does well.

Managing Exclusions for Microsoft Security Solutions https://practical365.com/managing-exclusions-for-microsoft-security-solutions/ https://practical365.com/managing-exclusions-for-microsoft-security-solutions/#respond Thu, 28 Mar 2024 10:00:00 +0000 https://practical365.com/?p=60684 In this blog, Thijs Lecomte reviews exclusions for Microsoft Security Solutions, why they are important, and how to manage them.

Detecting Midnight Blizzard using Microsoft Sentinel https://practical365.com/detecting-midnight-blizzard-using-microsoft-sentinel/ https://practical365.com/detecting-midnight-blizzard-using-microsoft-sentinel/#respond Wed, 14 Feb 2024 11:00:00 +0000 https://practical365.com/?p=60460 This blog reviews the Midnight Blizzard Attack, providing some hypothetical scenarios of what actually happened and how it could've been prevented.

Five Things Microsoft 365 Security Administrators Should Do in 2023 https://practical365.com/microsoft-365-security-2023/ https://practical365.com/microsoft-365-security-2023/#comments Mon, 20 Feb 2023 11:00:00 +0000 https://practical365.com/?p=57907 Microsoft 365 security is a big topic. Focus is important when it comes to getting things done. In this article, we suggest five areas that administrators could work on during 2023 to improve the security posture of their tenant. You might already have established full control over some of these areas. Even if you have, it's still good to consider if you can improve security.

Dipping your toes in Microsoft Sentinel Automation https://practical365.com/dipping-your-toes-in-microsoft-sentinel-automation/ https://practical365.com/dipping-your-toes-in-microsoft-sentinel-automation/#comments Tue, 07 Feb 2023 20:52:50 +0000 https://practical365.com/?p=57983 Automation is a big part of Sentinel, as it helps security administrators fight the spew of alerts generated by the different security solutions. In this article, we dive into some common use cases for automation and how to utilize Playbooks within Microsoft Sentinel.

How to Add Active Directory Logs to Microsoft Sentinel https://practical365.com/how-to-add-active-directory-logs-to-microsoft-sentinel/ https://practical365.com/how-to-add-active-directory-logs-to-microsoft-sentinel/#respond Wed, 04 Jan 2023 14:27:26 +0000 https://practical365.com/?p=57795 When setting up your SIEM, ingesting logs from Active Directory is essential. This blog dives into the two options for ingesting AD logs and compares their strengths and weaknesses.
