Collecting CEF Syslogs using Azure Monitor Agent
This blog will give you insight on how to setup collection of syslogs (CEF) using Linux forwader server using Azure …
Morten Knudsen
Collecting Syslogs using Azure Monitor Agent
This blog will give you insight on how to setup collection of syslogs using Linux forwader server using Azure Monitor …
Tutorial – How to make data transformations using Data Collection Rules?
This section will show you the steps for setting up data transformations – and how you can do the transformation …
Master Azure Logging in depth
I am really passioned about the logging capabilities in M365 Defender and Azure with the power to bring data back from clients, servers, cloud and …
Orphaned Azure Security Principals Clean-up & Azure Policy Managed Identity Role Assignment Automation
This blog covers 2 topics : (1) how you can automate clean-up of any orphaned security principal role assignments – …
Automate Reporting of Defender for Cloud recommendations & Role Assignments with 35 different views
Background Recently, I was asked to build a simple reporting-script, which integrates data from Microsoft Defender for Cloud and Azure …
How to implement a gradual (ring) rollout-process for Microsoft Defender updates
It is important to ensure that your security posture systems are up-to-date to be able to prevent attacks. Microsoft Defender …
How to save $$$ by storing your Syslog and Defender for Endpoint long-term logs in Azure Data Explorer cluster using Azure Data Factory and Azure Storage Account export – while keeping Kusto query functionalities ?
This blog is about keeping long-term Sentinel logs, giving you insight to the options today – with great opportunities to …
Sentinel Alert Rules Management with Add / Update / Remove & Alert Rule Action automation
Do you want to automate alert rules including creating new alert rules and update existing – with checks every x …
Real example with 43% cost savings on Sentinel log-costs: How to exclude Syslog log-events from banned IPs using AbuseIPDB-service with integration to firewalls
This is a real-life example of how I helped reduce the log-cost by 43% for LogAnalytics & Sentinel combined for …