Script: Sentinel Data Lake Table Management
Microsoft Sentinel’s data lake story is quietly powerful: you get fast, 90-day Analytics (Shortterm) for hunting and detections, plus scalable, …
Sentinel
Tutorial: Integrate AI into your Powershell scripts
I have been playing around with integrating AI into my favorite scripting tool: Powershell. This blog serves as a quick-guide …
Troubleshooting & Monitoring of Log Ingestion with Data Collection Rules
As I have outlined in the series of blogs, Azure Logging is based on Data Collection Rules (DCRs) and Azure …
Optimize Costs using Auxiliary Logs for Verbose Logging
Today, we use logging for many purposes including security hunting with SIEM (Sentinel), troubleshooting, performance telemetry, compliance reporting – but …
Security Copilot Scalable Capacity Management for non-24×7 SOC scenario
Background Some of my customers are not having 24×7 SOC but still wants to utilize Microsoft Security Copilot during their …
Re-onboard LogAnalytics to Sentinel, if SecurityInsights solution is deleted by mistake
Critical features will break or stop working, if you delete too much in Legacy solutions like SecurityInsights, SQLAdvancedThreatProtection or SQLVulnerabilityAssessment. …
Collecting DNS events using Azure Monitor Agent
This blog will give you insight on how to setup collection of DNS Events from Windows devices using Azure Monitor …
AzLogDcrIngestPS – tips & tricks sending data via Azure Pipeline, Azure Log Ingestion API, Azure Data Collections into Azure LogAnalytics
If you are sending data using HTTP Data Collector API (REST) today, you should continue reading, as this API will …
AzLogDcrIngestPS – how to do data manipulation before sending data via Azure Pipeline, Log ingestion API & Azure Data Collection Rules into Azure LogAnalytics ?
If you are sending data using HTTP Data Collector API (REST) today, you should continue reading, as this API will …
Understanding Azure Data Collection Endpoint
Azure Data Collection Endpoint (DCE) provide a connection for certain data sources of Azure Monitor. This article gives you an …