Practical Sentinel: Ingesting Networking Data in Microsoft Sentinel
In this episode of Practical Sentinel, Thijs describes the different ingestion methods, how to choose the best method, and advises how to filter the ingested data.
Are you looking to ingest your data into Sentinel? In this episode of Practical Sentinel, we review use cases and tips for ingesting networking data into Sentinel.
In this episode of Practical Sentinel, Thijs Lecomte discusses how to create some basic KQL queries to track MFA usage.
In this blog, we take a look at the Unified Security Operations Platform, review what is available right now, discuss what Microsoft is building, and ask whether you need this functionality.
Welcome to Practical Sentinel! In the introductory blog of this series, we review how Microsoft positions Sentinel, what capabilities the product includes, and what it does well.
In this blog, Thijs Lecomte reviews Exclusion for Microsoft Security Solutions, why they are important, and how to manage them.
This blog reviews the Midnight Blizzard Attack, providing some hypothetical scenarios of what actually happened and how it could've been prevented.
Microsoft 365 security is a big topic. Focus is important when it comes to getting things done. In this article, we suggest five areas that administrators could work on during 2023 to improve the security posture of their tenant. You might already have established full control over some of these areas. Even if you have, it's still good to consider if you can improve security.
Automation is a big part of Sentinel, as it helps security administrators fight the spew of alerts generated by the different security solutions. In this article, we dive into some common use cases for automation and how to utilize Playbooks within Microsoft Sentinel.
When setting up your SIEM, ingesting logs from Active Directory is essential. This blog dives into the two options for ingesting AD logs and compares their strengths and weaknesses.
Although Sentinel makes it easy to onboard many data sources fast, it is important to keep cost in perspective. Start with prioritizing the data connectors that provide the most useful data, and then work your way down.
This article continues the discussion of the main steps needed to mitigate a zero-day threat using Microsoft 365 Defender and Sentinel.