Microsoft Sentinel

• Microsoft Sentinel
• Microsoft Sentinel documentation
• What's new in Microsoft Sentinel
• Become a Microsoft Sentinel Ninja
• The Definitive SIEM Buyer’s Guide

Microsoft Tech Community Blogs

• Accelerate Your UEBA Journey: Introducing the Microsoft Sentinel Behaviors Workbook
• Three ways to run KQL on Microsoft Sentinel data lake: Interactive, Async, or Jobs
• Unlocking the power of Notebooks with Microsoft Sentinel data lake
• Public Preview Announcement: Empower Real-Time Security with Microsoft Sentinel’s CCF Push Feature
• What’s new in Microsoft Sentinel: February 2026
• Data lake tier Ingestion for Microsoft Defender Advanced Hunting Tables is Now Generally Available
• Announcing AI Entity Analyzer in Microsoft Sentinel MCP Server - Public Preview
• Microsoft Sentinel Platform: Audit Logs and Where to Find Them
• Managing Microsoft Sentinel and Microsoft Defender XDR permissions in Microsoft Defender portal
• Call to Action: Migrate Your Classic Alert‑trigger Automations to Automation Rules Before March 2026
• Efficiently process high volume logs and optimize costs with Microsoft Sentinel data lake
• What’s New in Microsoft Sentinel: December 2025
• Build less, secure more: Simplify security data management with Microsoft Sentinel data lake
• New Compliance Solutions in Microsoft Sentinel: HIPAA & GDPR Reports
• Ignite 2025: New Microsoft Sentinel Connectors Announcement
• Detect more, spend less: the future of threat intelligence correlation
• Operationalizing the Sentinel data lake: A Practitioner’s Guide
• Automating IOC hunts in Microsoft Sentinel data lake
• What’s New in Microsoft Sentinel: November 2025
• Using Microsoft Sentinel MCP Server with GitHub Copilot for AI-Powered Threat Hunting
• Introducing Microsoft Sentinel graph (Public Preview)
• Microsoft Sentinel data lake is now generally available
• New bi-directional export for TI in Microsoft Sentinel and strategic Cyware partnership
• 6 truths about migrating Microsoft Sentinel to the Defender portal
• Microsoft Sentinel data lake FAQ
• App Assure's Sentinel promise now extends to Microsoft Sentinel data lake
• Microsoft Sentinel and Defender: ITSM Integrations Explained
• Automate Security Workflows in Microsoft Sentinel with BlinkOps
• Microsoft Sentinel’s AI-driven UEBA ushers in the next era of behavioral analytics
• How to: Ingest Splunk alert data to Microsoft Sentinel SIEM
• Table Talk: Sentinel’s New ThreatIntel Tables Explained
• Automating Microsoft Sentinel: Playbook Fundamentals
• Automating Watchlists in Microsoft Sentinel
• Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers
• Introducing Summary Rules Templates: Streamlining Data Aggregation in Microsoft Sentinel
• Manage cases from across tenants in one place
• Microsoft Sentinel: Repositories, the Future of Content-as-Code & Best Practices​
• Exciting Announcements: New Data Connectors Released Using the Codeless Connector Framework
• Multi-workspace for Multi-tenant is now in Public Preview in Microsoft's Unified SecOps Platform
• Multi Workspace for Single tenant is now in Public Preview in Microsoft’s unified SecOps platform
• Microsoft Sentinel Project Deployment Tracker
• New capabilities coming to Microsoft Sentinel this Spring
• Automating Azure Resource Diagnostics Log Forwarding Between Tenants with PowerShell
• Integrating Fluent Bit with Microsoft Sentinel
• Introducing Threat Intelligence Ingestion Rules
• Introducing the Unified Device Timeline Experience in Microsoft SIEM + XDR
• Announcing Public Preview: New STIX Objects in Microsoft Sentinel
• What’s new: Find the Sentinel content you need using AI search
• Improve SecOps collaboration with case management
• Ingesting Palo Alto Cortex XDR Logs into Microsoft Sentinel with the Updated CCP Connector
• Whats New: Bicep Support in Microsoft Sentinel Repositories
• How to successfully evaluate the SAP for Sentinel solution and implement it in production (Part 2)
• How to successfully evaluate the SAP for Sentinel solution and implement it in production (Part 1)
• Unified coverage management across SIEM and XDR in SOC optimization
• Introducing SOC Optimization Recommendations Based on Similar Organizations
• Go agentless with Microsoft Sentinel for SAP
• What's New: View Microsoft Sentinel Workbooks Directly from Unified SOC Operations Platform
• How Microsoft’s leading SIEM is getting even better
• Leave no data behind: Using summary rules to store data cost effectively in Microsoft Sentinel
• What’s New: Exciting new Microsoft Sentinel Connectors Announcement - Ignite 2024
• Deploy Microsoft Sentinel using Bicep
• Save money on your Sentinel ingestion costs with Data Collection Rules
• What to do if your Sentinel Data Connector shows as [DEPRECATED]
• Cowrie honeypot and its Integration with Microsoft Sentinel.
• Introducing the Use Cases Mapper workbook
• Level Up Your Security Skills with the New Microsoft Sentinel Ninja Training!
• What's New: Global Search in Unified Security Operations platform includes Sentinel user and devices
• Detecting AiTM Phishing via 3rd-Party Network events in Unified Security Operations Platform
• The power of Data Collection Rules: Detect Disabling Windows Defender Real-Time Protection
• The power of Data Collection Rules: Monitoring PowerShell usage
• SIEM Migration Update: Now Migrate with contextual depth in translations with Microsoft Sentinel!
• The power of Data Collection Rules: Collecting events for advanced use cases in Microsoft USOP
• Hunting with Microsoft Graph activity logs
• What's new: Multi-tenancy in the unified security operations platform experience in Public Preview
• Comprehensive coverage and cost-savings with Microsoft Sentinel’s new data tier
• Revolutionizing log collection with Azure Monitor Agent
• Microsoft Sentinel & Cyberint Threat Intel Integration Guide
• Frequently asked questions about the unified security operations platform
• Enhancing Security Monitoring: Integrating GitLab Cloud Edition with Microsoft Sentinel
• Microsoft Sentinel All-In-One now available for Azure Government
• Unified Security Operations Platform - Technical FAQ!
• What's new: Run playbooks on incidents on-demand going GA in unified platform
• Using Cribl Stream to ingest logs into Microsoft Sentinel
• Introducing SOC Optimization API
• What's New: Create your own codeless data connector
• Debugging Playbooks
• Public Preview: Log Analytics Workspace Replication
• Configuring archive period for tables at Mass for Data Retention within Log Analytics Workspace
• PART 3 - Ingesting AWS GovCloud Microsoft Sentinel in Azure Commercial
• SOC optimization: unlock the power of precision-driven security management
• Microsoft Sentinel: Delivering value to your SOC
• Send data to Microsoft Sentinel using Cribl Stream
• Examining the Deception infrastructure in place behind code.microsoft.com
• Setting up Sentinel for Kubernetes Monitoring
• Ingesting Non-Microsoft Cloud Security Data into Microsoft Sentinel for Gov & DIB customers part 2
• Ingesting Non-Microsoft Cloud Security Data into Microsoft Sentinel for Government & DIB Customers
• Enhance the ingestion of AWS CloudWatch logs into Microsoft Sentinel with AWS Lambda
• [What's New] Easily migrate to Microsoft Sentinel with the new SIEM migration experience
• Create Codeless Connectors with the Codeless Connector Builder (Preview)
• How to Set Up Sentinel Data Connectors for Kubernetes and GitHub
• Monitoring Kubernetes Clusters, Image Build Environment and Container Registries with Sentinel
• Upcoming Content Hub AMA supported Data Connectors
• Create Tasks Repository in Microsoft Sentinel
• What's New: CrowdStrike Falcon Data Replicator V2 Data Connector is now Generally Available!
• Unleash the full potential of User and Entity Behavior Analytics with our updated workbook
• Querying Watchlists
• Leveraging CEF with Azure Monitor Agent (AMA) for GCP-Hosted Fortinet Firewall and Syslog Forwarder,
• Use Azure DevOps to manage Sentinel for MSSPs and Multi-tenant Environments
• Become a Microsoft Unified SOC Platform Ninja
• Identifying Adversary-in-the-Middle (AiTM) Phishing Attacks through 3rd-Party Network Detection
• Microsoft Sentinel: Public preview of Microsoft Defender for Cloud to Defender XDR integration
• Sentinel's Enrichment Widgets: Elevating Cybersecurity Intelligence with Microsoft
• Microsoft Sentinel Partner Solution Contributions update - Ignite 2023
• Introducing a Unified Security Operations Platform with Microsoft Sentinel and Defender XDR
• Architecture Guidance: How to ingest GCP Firewall\VPC logs into Microsoft Sentinel
• What’s New: Introducing Microsoft Sentinel Web Session Essentials Solution.
• Fortifying Your Defenses: How Microsoft Sentinel Safeguards Your Organization from BEC Attacks
• Accelerating Zero Trust Alignment with Microsoft Sentinel
• Microsoft Sentinel's new incident experience is generally available!
• Introducing Microsoft Sentinel Optimization Workbook
• Manage Access to Microsoft Sentinel Workbooks with Lower Scoped RBAC
• Help Protect your Exchange Environment With Microsoft Sentinel
• Automate tasks management to protect your organization against threats
• Taking Entity Investigation to the Next Level: Microsoft Sentinel’s Upgraded Entity Pages
• Future Proof your SOC with the Power of the Azure Ecosystem and Defender Threat Intelligence
• Introducing the new Microsoft Sentinel simplified pricing.
• [What’s New] Microsoft Sentinel Content Hub GA and OOTB Content Centralization
• Detect threats on your Power Platform based no-code/low-code applications with Microsoft Sentinel
• What’s new: Monitor and optimize the execution of your scheduled analytics rules
• What's new: Microsoft Sentinel Solution for Dynamics 365 Finance and Operations
• Deep dive into Microsoft Sentinel’s new Overview dashboard
• Split Microsoft Sentinel Tables with Multi-Destination Data Collection Rules
• Introducing the Microsoft Sentinel Triage Assistant (STAT)
• NCS Case Study - End-to-End Integration of Custom BYOML model with Sentinel
• Revolutionize your SAP Security with Microsoft Sentinel's SOAR Capabilities
• Create, Edit, and Monitor Data Collection Rules with the Data Collection Rule Toolkit
• Announcing Public Preview of Microsoft Sentinel in Azure China 21Vianet
• What’s New: Introducing Microsoft Sentinel DNS Essentials solutions.
• RSAC 2023: Microsoft Sentinel empowering the SOC with next-gen SIEM
• Announcing Microsoft Sentinel All-in-One v2
• Advanced Workbook Concepts with Workbooks 202
• What's new with Microsoft Sentinel at Secure
• What’s new: Sentinel Solution for SAP BTP
• What’s New: Introducing Microsoft Sentinel Network Session Essentials solution
• [Coming soon] Microsoft Sentinel out-of-the-box content centralization!
• Tutorial: Get started with Azure WAF investigation Notebook
• ACSC Essential 8 – Health Report in Microsoft Sentinel
• Anomaly detection and Explanation with Isolation Forest and SHAP using Microsoft Sentinel Notebooks
• Designs for Accomplishing Microsoft Sentinel Scalable Ingestion
• What’s new: Monitor the health and audit the integrity of your analytics rules.
• Detect capture-replay vulnerabilities & exploits with the Sentinel solution for SAP® applications
• [What's New] Extract Actionable Intelligence from Text-based Threat Intel using Sentinel Notebook
• The new incident experience is here!
• Microsoft Sentinel Solution for SAP® Applications - New data exfiltration detection rules
• What’s New: Fusion Incident Investigation Notebook
• A Look at Different Options for Storing and Searching Sentinel Archived Logs
• Switching to Key Vault Secrets usage for Function App based Microsoft Sentinel Data Connectors
• MSTICPy Hack Month - February 2023
• What's New: More NEW Microsoft Sentinel SOAR solutions
• Azure Active Directory Identity Protection user account enrichments removed: how to mitigate impact
• What’s new: Run playbooks on entities on-demand
• Arm Your Microsoft Sentinel Platform with Industry-Leading Cyber Threat Intelligence from CYFIRMA
• [What’s New] Introducing Standalone and OOTB content management at-scale actions
• What’s New: 250+ Solutions in Microsoft Sentinel Content hub!
• What's New: Introducing Microsoft Sentinel solution for ServiceNow bi-directional sync
• Architectural Guidance – Azure Monitor private links with Microsoft Sentinel
• Dynamic alert details - The force awakens
• What’s new: Incident tasks
• What’s new: Monitor the health of your automation rules and playbooks
• Update to Microsoft Sentinel’s Technical Playbook for MSSPs is now available (v1.5.1)
• Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Security Information and Event
• Upcoming changes to the CommonSecurityLog table
• What's New in Sentinel Threat Hunting
• Microsoft Sentinel: What's New at Microsoft Ignite
• UEBA Essentials solution now available in Content Hub!
• Public preview announcement: Defender for IOT solution for Microsoft Sentinel
• Announcing the enhanced Microsoft Sentinel AWS CloudTrail solution, powered by new MITRE-Based Rules
• Anomaly detection on the SAP audit log using the Microsoft Sentinel for SAP solution
• IoT Entity Page - Enhance IoT/OT Threat Monitoring in Your SOC with Sentinel and Defender for IoT
• Data Collection Rules Creation Impacting Sentinel UEBA ML Model
• Introduction to Machine Learning Notebooks in Microsoft Sentinel
• Microsoft Sentinel customizable machine learning based anomalies is Generally Available
• Create and delete incidents in Microsoft Sentinel
• Power of Threat Intelligence sprinkled across Microsoft Sentinel
• Troubleshoot Amazon Web Services S3 connector issues
• Enabling AD FS Security Auditing 📡 and Shipping Event Logs to Microsoft Sentinel 🛡️
• What's New: SOC Process Framework is Now Live in Content Hub!
• Hunting for Teams Phishing with Microsoft Sentinel, Defender, Microsoft Graph and MSTICPy
• Azure resource entity page - your way to investigate Azure resources
• New ingestion-SampleData-as-a-service solution, for a great Demos and simulation
• Detect Masqueraded Process Name Anomalies using an ML notebook
• Hunting for Low and Slow Password Sprays Using Machine Learning
• Bring Threat Intelligence from Kaspersky using TAXII data connector
• Protect critical information within SAP systems against cyberattacks
• New Threat Intelligence features in Microsoft Sentinel
• Intro to KQL Workbook - Summer Update
• Discover the power of UEBA anomalies in Microsoft Sentinel
• Microsoft Sentinel Solution for Dynamics 365 News – New OOB analytics rules templates available now!
• Microsoft Sentinel Automation Tips & Tricks – Part 3: Send email notification options
• What's New in Notebooks - MSTICPy v2.0.0
• Microsoft Sentinel Automation Tips & Tricks – Part 2: Playbooks
• Deploying Microsoft Sentinel Threat Monitoring for SAP agent into an AKS/Kubernetes cluster
• What’s new: Centrally manage automated response to alerts with automation rules
• Become a Microsoft Sentinel Automation Ninja!
• Import Anomali ThreatStream Feed into Microsoft Sentinel
• Migration to Microsoft Sentinel made easy
• Microsoft Sentinel Automation Tips & Tricks – Part 1: Automation rules
• Correlating Microsoft Defender for Cloud alerts in Sentinel
• Microsoft Threat Intelligence Matching Analytics: IP Detections
• I'm Being Attacked, Now What?
• Import Pulsedive Feed into Microsoft Sentinel
• Plan, Track, and Configure Your Microsoft Sentinel Deployment/Migration with This New Workbook
• Announcing the Microsoft Sentinel Hackathon Spring 2022 winners
• Celebrating the Microsoft Sentinel Ecosystem at RSAC 2022
• Analytic rules - 'Sentinel entities' new entity type
• Using Forcepoint NGFW advanced workbook to gain deep security analytics and insights
• Guided Hunting Notebook: Azure Resource Explorer
• What’s new: Automate full incident lifecycle with incident update triggers
• Export Historical Log Data from Microsoft Sentinel
• What’s new: incident expansion – relate alerts to incidents
• Import ReversingLab’s Ransomware Feed into Microsoft Sentinel
• Announcing the Microsoft Sentinel: NIST SP 800-53 Solution
• What's new: Similar incidents in Microsoft Sentinel
• Automating bulk onboarding of Azure IaaS and PaaS resources into Microsoft Sentinel
• Search, Investigate, & Respond to Indicators of Compromise with the Threat Intelligence Workbook
• What’s new: Closer integration between Microsoft Sentinel and Microsoft 365 Defender
• Microsoft Sentinel – Continuous Threat Monitoring for GitHub New OOTB Content
• Bring Threat Intelligence from SEKOIA.IO using TAXII data connector
• Unleash the Power of Modern SecOps with Microsoft Sentinel SOAR
• Microsoft Sentinel for SAP News - Dynamic SAP Security Audit Log Monitor feature available now!
• What's new: Power-up automation with Logic Apps Standard
• Using Microsoft Teams Adaptive Cards to enhance incident response in Microsoft Sentinel
• Export Microsoft Sentinel Playbooks or Azure Logic Apps with Ease
• Transferring Microsoft Sentinel scheduled alert rules between different workspaces using PowerShell
• New watchlist actions available for watchlist automation using Microsoft Sentinel SOAR
• Announcing the Microsoft Sentinel: Cybersecurity Maturity Model Certification (CMMC) 2.0 Solution
• Use the bulk update feature with Microsoft Sentinel Watchlists
• Announcing the search and filter UI enhancements in Watchlists
• Next Evolution of the Microsoft Sentinel Zero Trust (TIC 3.0) Solution
• Microsoft Sentinel Ninja Training - the March 2022 update
• Participate in the Microsoft Sentinel Hackathon Spring 2022!
• Update Microsoft Sentinel VIP Users Watchlist from Azure AD group using playbooks
• Common scenarios using Watchlists (with query examples)!
• How to use Microsoft Sentinel's SOAR capabilities with SAP
• What’s new: Unified Microsoft SIEM and XDR GitHub Community
• Microsoft Sentinel Support for Ingestion-Time Data Transformations
• FAQ: Search, Basic Ingestion, Archive, and Data Restoration
• Configure a continuous data pipeline in Microsoft Sentinel for big data analytics!
• Creating effective NRT detections in Microsoft Sentinel
• Large Watchlist using SAS key is in Public Preview!
• Behind the Scenes: The ML Approach for Detecting Advanced Multistage Attacks with Sentinel Fusion
• Joint forces - MS Sentinel and the MITRE framework
• New! Normalization is now built-in Microsoft Sentinel
• Ingest, Archive, Search, and Restore Data in Microsoft Sentinel
• What’s Next in Microsoft Sentinel?
• Microsoft Sentinel - SAP User Master Data
• Run Microsoft Sentinel playbooks from workbooks on-demand
• What's new: run playbooks on incidents on demand
• Visualize User and App Access Connections in Azure using Jupyter Notebooks in Microsoft Sentinel
• Log sources and analytics rules coverage workbook: see how your tables are being used
• What's New: Consolidating Apache Log4j-related insights across Multiple Tenants and Workspaces
• Microsoft Sentinel – continuous threat monitoring for GitHub
• The Codeless Connector Platform
• Modernize Log Management with the Maturity Model for Event Log Management (M-21-31) Solution
• What's new: Earn your Microsoft Sentinel Black Belt Digital Badge!
• Single Sign On Support for authentication in Microsoft Sentinel Notebooks
• Defending Critical Infrastructure with the Microsoft Sentinel: IT/OT Threat Monitoring Solution
• Get Hands-On KQL Practice with this Microsoft Sentinel Workbook
• What’s New: Detecting Apache Log4j vulnerabilities with Microsoft Sentinel
• Advanced KQL Framework Workbook - Empowering you to become KQL-savvy
• Microsoft Sentinel Jupyter Notebooks knowledge check test
• Microsoft Sentinel - SAP continuous threat monitoring workbooks
• Announcing the Microsoft Sentinel: Zero Trust (TIC3.0) Solution
• MSTICPy Hackathon - January 2022
• Unlock value from your incidents using advanced incident search
• Investigating Suspicious Azure Activity with Microsoft Sentinel
• Microsoft Sentinel - SAP continuous threat monitoring with UEBA entity pages
• Creating your first Microsoft Sentinel Notebook
• Announcing the Microsoft Purview Insider Risk Management Solution
• Microsoft Sentinel: Bring Threat Intelligence from Sectrio using TAXII data connector
• Using Code Snippets to build your own Sentinel Notebooks
• Learning with the Microsoft Sentinel Training Lab
• Announcing the Public Preview of the Microsoft Sentinel Playbook Templates Tab
• Automate more with 200+ OOTB playbooks
• Enable Continuous Deployment Natively with Microsoft Sentinel Repositories!
• Hunt with MITRE ATT&CK techniques using refreshed hunting dashboard
• Customize your hunting experience with MITRE ATT&CK techniques and more entity types
• What’s new: Microsoft Sentinel Deception Solution
• How to use Microsoft Sentinel Near Real Time detections
• Introducing Microsoft Sentinel Content hub!
• Detecting Emerging Threats with Microsoft Sentinel Fusion
• Detection tuning – “Making the tuning process simple - one step at a time.”
• Hunting for potential network beaconing patterns using Apache Spark via Azure Synapse – Part 1
• Security big data analytics with Azure Synapse and Microsoft Sentinel Notebooks!
• Microsoft Sentinel introduces enhancements in machine learning and productivity at Ignite 2021
• Announcing the Azure Sentinel Hackathon 2021 winners!
• Automation: Integrate Azure Data Explorer as Long-Term Log Retention for Microsoft Sentinel
• What’s New: Azure Sentinel Threat Intelligence Workbook
• MITRE ATT&CK technique coverage with Sysmon for Linux
• A Quick Guide on Using Sysmon for Linux in Azure Sentinel
• Automating the deployment of Sysmon for Linux 🐧 and Azure Sentinel in a lab environment 🧪
• Analyzing Endpoints Forensics - Azure Sentinel Connector
• Simple Row-Based Access Workbook: Lab Walk-Through with Azure Sentinel and Azure Data Explorer (ADX)
• The Azure Sentinel Anomalies Simulator
• Querying WHOIS/Registration Data Access Protocol (RDAP) with Azure Sentinel and Azure Functions
• Monitoring Microsoft Sentinel Analytical Rules – Push Health Notifications
• General Availability of Azure Sentinel Threat Intelligence in Public and Azure Government cloud
• Azure Sentinel To-Go! A Linux 🐧 Lab with AUOMS Set Up to Learn About the OMI Vulnerability 💥
• Microsoft Sentinel Notebooks Ninja Part 3: Overview of the Pre-built Notebooks - the Grand List
• Hunting for OMI Vulnerability Exploitation with Azure Sentinel
• Unusual MIRAI variant looks for mining infrastructure
• Microsoft Sentinel Notebooks Ninja Part 2: Getting Started with Microsoft Sentinel Notebooks
• Azure Sentinel Notebooks - Azure cloud support, new visualizations
• Azure Sentinel Information Model Fall Release: Speed & Ease
• What's New: Azure Sentinel - SOC Process Framework 8 Part Video Series!
• Check the health of your exported Microsoft Sentinel logs in your ADX cluster
• Microsoft Sentinel Ninja Training - the Sept 2021 update
• Introducing: Azure Sentinel Data Exploration Toolset (ASDET)
• Alert enrichment "how to reduce incident triage and investigation times using dynamic alert details”
• Becoming a Microsoft Sentinel Notebooks Ninja - The Series!
• Ingestion Cost Spike detection Playbook
• What's new: Microsoft Sentinel Ninja Training Knowledge Check
• What's new: Azure Sentinel new onboarding/offboarding API
• What's new: Incident advanced search is now public!
• What’s new: Fusion Detection for Ransomware
• Azure Sentinel SQL Solution Query Deep-Dive
• What's new: Watchlists templates are now in public preview!
• What's new: ASIM File Activity schema
• Understanding API connections for your Microsoft Sentinel Playbooks
• Microsoft Threat Intelligence Matching Analytics
• Software Defined Monitoring - Using Automated Notebooks and Azure Sentinel to Improve Sec Ops
• What's new: IdentityInfo table is now in public preview!
• What's New: Updated Microsoft Sentinel Documentation July Edition
• Integrating SIEM + XDR: Azure Sentinel and Azure Defender bi-directional incident sync
• What’s New: Azure Sentinel Hunting supports ADX cross-resource queries
• Azure Sentinel Solutions for Partners: Build Combined Value for a Wider Audience
• Watchlist is now Generally Available
• What's new: ASIM Authentication, Process, Registry and enhanced Network schemas
• Testing the New Version of the Windows Security Events Connector with Azure Sentinel To-Go!
• Moving Azure Activity Connector to an improved method
• Join in the Azure Sentinel Hackathon 2021!
• What's New: Microsoft Sentinel Watchlist Support for ARM Templates!
• Enhanced Azure Sentinel Alert remediation in the SOC Process Framework
• What’s New: Azure Sentinel Update Watchlist UI Enhancements
• What's new: Azure Sentinel Information Model DNS Schema and normalized content now public
• Microsoft Defender Security Insights in Azure Sentinel
• Announcing pricing changes to Azure Sentinel and Azure Monitor Log Analytics to help you save costs
• What’s new: customize entity page timeline!
• What’s new: Detect credential leaks using built-in Azure Sentinel notebooks!
• Azure Sentinel PowerShell Module Az.SecurityInsights has been released to GA!
• Who Watches the SOC Team? Enabling Audit/Risk Teams to Monitor the SOC
• Announcing 15+ New Azure Sentinel Data Connectors
• Democratize Machine Learning with Customizable ML Anomalies
• RSA Conference 2021: New innovations for Azure Sentinel
• Introducing Azure Sentinel Solutions!
• What’s new: IP entity page
• What's new: Incident Team - collaborate in Microsoft Teams
• What’s new: Hunting dashboard refresh
• What's New: Fusion Advanced Multistage Attack Detection Scenarios with Scheduled Analytics Rules
• What's New: Azure Sentinel - SOC Process Framework Workbook
• Automate Incident Assignment with Shifts for Teams
• Azure Sentinel Side-by-Side with Splunk via EventHub
• What’s New: Azure Sentinel: Zero Trust (TIC3.0) Workbook
• MSTICPy and Jupyter Notebooks in Azure Sentinel, an update
• Non-interactive logins: minimizing the blind spot
• What’s new: Incident timeline
• How to use Azure Sentinel for Incident Response, Orchestration and Automation
• Group-IB Threat Intelligence and Attribution Connector - Azure Sentinel
• IoT Asset discovery based on FW logs
• Web Shell Threat Hunting with Azure Sentinel
• Best practices for migrating detection rules from ArcSight, Splunk and QRadar to Azure Sentinel
• What’s new: Automation rules
• Monitoring the Software Supply Chain with Azure Sentinel
• What’s new: Alert Enrichment – Custom Details and Entity Mapping
• Whats new: Azure Sentinel and Microsoft 365 Defender incident integration
• Microsoft Ignite 2021: Blob and File Storage Investigations
• Visibility of Azure key vault activity in Sentinel Azure Key Vault Workbook
• Utilize Watchlists to Drive Efficiency During Microsoft Sentinel Investigations
• Microsoft Ignite 2021: What's New in Azure Sentinel
• 30+ New Azure Sentinel Data Connectors
• Jupyter Notebook Pivot Functions
• Handling false positives in Azure Sentinel
• Use Microsoft Azure Sentinel and Anomali Match for actionable threat detection
• What's new: User and Entity Behavior Analytics (UEBA) insights in the entity page!
• The Toolkit for Data-Driven SOCs
• Categorizing Microsoft alerts across data sources in Azure Sentinel
• Bring Remediation Steps into Azure Sentinel
• Migrating QRadar offenses to Microsoft Sentinel
• Automatically disable On-prem AD User using a Playbook triggered in Azure
• What's New: Cybersecurity Maturity Model Certification (CMMC) Workbook in Public Preview
• Centralize your security response with Azure Sentinel & PagerDuty
• Using NXLog to enhance Azure Sentinel’s ingestion capabilities
• Azure Sentinel All-In-One Accelerator
• What’s New: Support for formatted comments and comments editing and deleting!
• Move Your Microsoft Sentinel Logs to Long-Term Storage with Ease
• New Year - New Official Azure Sentinel PowerShell Module!
• Protecting your DocuSign Agreements with Microsoft Sentinel
• Bring Threat Intelligence from IntSights Using TAXII Data Connector
• What’s new: Dedicated clusters for Microsoft Sentinel
• What’s new: Managed Identity for Azure Sentinel Logic Apps connector
• Handling ingestion delay in Azure Sentinel scheduled alert rules
• What's New: Improved Analytics Preview Graph in Public Preview !
• The Ninja Training 2021 edition is out!
• The FAQ companion to the Azure Sentinel Ninja training
• Ingestion Cost Alert Playbook
• Data Connector Health - Push Notification Alerts
• SolarWinds Post-Compromise Hunting with Azure Sentinel
• Microsoft Cloud App Security (MCAS) Activity Log in Azure Sentinel
• What's new: Improvements to the Log Analytics Agent
• Bring threat intelligence from Sixgill using TAXII Data Connector
• How to setup a Canarytoken and receive incident alerts on Azure Sentinel
• What's New: 80 out of the box hunting queries!
• What's New: Azure Sentinel Logic Apps Connector improvements and new capabilities
• Using the VirusTotal V3 API with MSTICPy and Azure Sentinel
• How to export data from Splunk to Azure Sentinel
• Using Azure Data Explorer for long term retention of Microsoft Sentinel logs
• Hunting for Barium using Azure Sentinel
• What's new: Monitoring your Logic Apps Playbooks in Azure Sentinel
• What’s new: Microsoft 365 Defender connector now in Public Preview for Microsoft Sentinel
• What's New: Multiple playbooks to one analytic rule
• Deploying and Managing Azure Sentinel - Ninja style
• New Azure Kubernetes Service (AKS) Security Workbook
• O365 & AAD Multi-Tenant Custom Connector - Azure Sentinel
• Guided UEBA Investigation Scenarios to empower your SOC
• SOC Prime O365 rules and more now offered free, exclusively to Azure Sentinel users
• Announcing the Investigation Insights Workbook
• Expanding Microsoft Teams Log Data in Azure Sentinel
• What’s New: Entity Insights for Convenient Investigation Checks is Now in Public Preview
• Playbooks & Watchlists Part 2: Automate incident response for Deny-list/Allow-list
• Playbooks & Watchlists Part 1: Inform the subscription owner
• What's new: Watchlist is now in public preview!
• Using Jupyter Notebook to analyze and visualize Azure Sentinel Analytics and Hunting Queries
• Aggregating Insider Risk Management Information via Azure Sentinel
• What's new: New Fusion detections and BYOML in public preview!
• What’s New: HTML and Markdown support for incident comment
• Build-Your-Own Machine Learning detections in the AI immersed Azure Sentinel SIEM
• Azure Sentinel To-Go (Part2): Integrating a Basic Windows Lab 🧪 via ARM Templates 🚀
• Watching the Watchers: Monitoring Azure Sentinel Query Activity for Malicious Activity.
• Understanding Microsoft Teams Data Schema in Azure Sentinel - Analyst / Researcher View
• Auditing Microsoft Sentinel activities
• Enriching Windows Security Events with Parameterized Function
• Analysing Web Shell Attacks with Azure Defender data in Azure Sentinel
• What's new: Azure Sentinel User and Entity Behavior Analytics in Public Preview!
• What's New: PowerShell+Azure Sentinel notebooks to supercharge your hunting and investigations!
• What's new: The new Azure Sentinel Notebooks experience is now in public preview!
• What's new: Threat Intelligence menu item in Public Preview!
• Stay ahead of threats with new innovations from Azure Sentinel
• How to align your Analytics with time windows in Azure Sentinel using KQL (Kusto Query Language)
• What's new: Analytics FileHash entity hits GA!
• What’s new: Office 365 Advanced Threat Protection connector in Public Preview
• Microsoft Sentinel Incident Bi-directional sync with ServiceNow
• What’s New: Cross-workspace Analytics Rules
• How to Protect Office 365 with Azure Sentinel
• What’s new: Azure DDoS Protection connector in Public Preview for Azure Sentinel
• What’s new: Microsoft Teams connector in Public Preview
• How to integrate vulnerability management in Azure Sentinel
• What’s New: Azure Firewall Connector in Public Preview!
• Remediate Vulnerable Secure Channel Connections with the Insecure Protocols Workbook
• What’s New: Query line numbering, Azure Sentinel in the schema pane
• MSTIC Notebooklets - Fast Tracking CyberSec Jupyter Notebooks
• Monitoring Azure Kubernetes Service (AKS) with Microsoft Sentinel
• Announcing a new Azure Sentinel GitHub Leaderboard!
• Accelerate your Azure Sentinel Deployment with this Azure DevOps Boards Template
• Guided Hunting Notebook: Base64-Encoded Linux Commands
• Secure your Calls- Monitoring Microsoft TEAMS CallRecords Activity Logs using Azure Sentinel
• Ingesting log files from AWS S3 using AWS Lambda
• Azure Sentinel Insecure Protocols Workbook Reimagined
• What’s new: SOC operational metrics now available in Microsoft Sentinel
• What's new: Azure Sentinel and Microsoft Defender ATP improved alert integration
• Announcing the Azure Sentinel Hackathon winners
• What's New: Incident Auto-refresh hits GA!
• Enrich Azure Sentinel security incidents with the RiskIQ Intelligence Connector
• Azure Sentinel Ninja Training: The July 2020 update
• New Azure Sentinel connectors
• Hunting the Clues- Azure Sentinel Administrative Suspicious Activities Library
• What's New: Cross Workspace Hunting is now available!
• Azure Sentinel Workbooks 101 (with sample Workbook)
• What's New: Azure Sentinel Machine Learning Behavior Analytics: Anomalous RDP Login Detection
• Azure Sentinel Side-by-Side with QRadar
• Microsoft Sentinel API 101
• Handling sliding windows in Azure Sentinel rules
• Monitoring SQL Server with Azure Sentinel
• New Azure Sentinel notebook experience and the retirement of the Azure Notebooks service preview
• Hunting for anomalous sessions in your data with Azure Sentinel
• Automating the onboarding on-premises, AWS and GCP VMs on Sentinel with Azure Arc
• Azure Sentinel Ninja Training: The June 2020 update
• What's New: Livestream for Azure Sentinel is now released for General Availability
• Using external data sources to enrich network logs using Azure storage and KQL
• MAY THE "TI" BE WITH YOU: Connect ThreatConnect TIP with Azure Sentinel
• Protecting your GitHub assets with Azure Sentinel
• Sending enriched Microsoft Sentinel alerts to 3rd party SIEM and Ticketing Systems
• Web shell threat hunting with Azure Sentinel and Microsoft Threat Protection
• Azure Security Center Auto-connect to Sentinel
• What’s New: Azure Sentinel Threat Hunting Enhancements
• Secure Working from Home – Deep Insights at Enrolled MEM Assets via Azure Sentinel
• Protecting MSSP’s Intellectual Property in Microsoft Sentinel
• Making your Microsoft Sentinel Workbooks multi-tenant (or multi-workspace)
• Approximate, partial and combined lookups in Azure Sentinel
• Integrating open source threat feeds with MISP and Sentinel
• Using Azure Playbooks to import text-based threat indicators to Azure Sentinel
• Using the Sentinel API to view data in a Workbook
• What's New: Cross Workspace Incident View in Public Preview!
• Kicking off the Azure Sentinel Hackathon!
• Monitoring Windows Virtual Desktop environments (Fall 2019 release) with Microsoft Sentinel
• Graph Visualization of External Teams Collaborations in Azure Sentinel
• Monitoring Zoom with Azure Sentinel
• Hunting Threats on Linux with Azure Sentinel
• Azure Sentinel Sigma & SOC Prime Integration (Part 3): Deploy to multiple workspaces and tenants
• Creating digital tripwires with custom threat intelligence feeds for Azure Sentinel
• Gain Compliance, Posture, and Protection Insights with this Azure Security Center Related Workbook
• Become a Microsoft Sentinel Ninja: The complete level 400 training
• Controlling access to Azure Sentinel Data: Resource RBAC
• Enriching Azure Sentinel with Azure AD information
• Azure Sentinel Sigma & SOC Prime Integration (Part 2): Directly deploy to Azure Sentinel
• Help for Security Operations Centers facing new challenges
• What’s New: Improved Incident Closing Experience is now Available!
• Enabling security research & hunting with open source IoT attack data
• Azure Sentinel Resource Terminus - board here!
• Quick wins - Identify signs of intrusions in real time with Microsoft Sentinel Livestreams
• Usage reporting for Azure Sentinel
• Protecting your Teams with Azure Sentinel
• Azure Sentinel To-Go (Part1): A Lab w/ Prerecorded Data 😈 & a Custom Logs Pipe via ARM Templates 🚀
• Compliance Reporting for Azure
• Ingest Fastly Web Application Firewall logs into Azure Sentinel
• Access Azure Sentinel Log Analytics via API (Part 1)
• Azure Sentinel Sigma and SOC Prime Integration (Part 1): Convert Sigma rules to Azure Sentinel
• Connect X-Force Exchange API on Microsoft Sentinel
• Ingesting Auditd (configured for PAM TTY Session Key Logging) into Azure Sentinel
• Azure Sentinel Side-by-Side with Splunk
• Combining Azure Lighthouse with Microsoft Sentinel’s DevOps capabilities
• Azure Sentinel Insecure Protocols Workbook Implementation Guide
• What’s New: Reduce alert noise with Incident settings and alert grouping in Azure Sentinel
• Scaling Up Syslog CEF Collection
• Office 365 Email Activity and Data Exfiltration Detection
• Bring your threat intelligence to Microsoft Sentinel
• Explorer Notebook Series: The Linux Host Explorer
• Deploying and Managing Microsoft Sentinel as Code
• Extending Azure Sentinel: APIs, Integration and management automation
• Implementing Lookups in Azure Sentinel
• Ingesting Alien Vault OTX Threat Indicators into Azure Sentinel
• Ingest Box.com activity events via Microsoft Cloud App Security into Azure Sentinel
• Ingest Sample CEF data into Azure Sentinel
• Azure Sentinel correlation rules: the join KQL operator
• Using Azure Lighthouse and Azure Sentinel to Investigate Attacks Across Multiple Tenants
• Ingest Office 365 DLP Events into Azure Sentinel
• Azure Sentinel correlation rules: Active Lists out; make_list() in, the AAD/AWS correlation example
• Hunting for Capital One Breach TTPs in AWS logs using Azure Sentinel - Part II
• Best Practices for Common Event Format (CEF) collection in Azure Sentinel
• Hunting for Capital One Breach TTPs in AWS logs using Azure Sentinel - Part I
• Azure Sentinel – Microsoft Ignite 2019 Recap
• Using the new built-in URL detonation in Azure Sentinel
• Azure Sentinel and Azure Arc
• Try Azure Sentinel Alongside Your Existing SIEM
• Ingesting Office 365 Alerts with Graph Security API
• Upcoming Azure Sentinel training webinars
• How to use Azure Sentinel to follow a Users travel and map their location
• How to use Azure Monitor Workbooks to map Sentinel data
• Table Level RBAC In Microsoft Sentinel
• Azure Sentinel at Microsoft Ignite
• New: Per data type retention is now available for Azure Sentinel
• Identifying Threat Hunting opportunities in your data
• What am I looking at? - Using Notebooks to gain situational awareness.
• Using Threat Intelligence in your Jupyter Notebooks
• Azure Sentinel is now Generally Available!
• Azure Sentinel: Creating Custom Connectors
• Preparing towards Azure Sentinel's GA
• Best practices for designing a Microsoft Sentinel or Azure Defender for Cloud workspace
• Upcoming Changes to Fusion in Azure Sentinel
• Azure Sentinel Agent: Collecting from servers and workstations, on-prem and in the cloud
• Azure Sentinel: The connectors grand (CEF, Syslog, Direct, Agent, Custom and more)
• Azure Sentinel: Collecting logs from Microsoft Services and Applications
• Detect Network beaconing via Intra-Request time delta patterns in Azure Sentinel
• Tip: Easily use JSON fields in Sentinel
• Sending Proofpoint TAP logs to Azure Sentinel
• Microsoft Sentinel Blog - Table of Contents
• Using KQL functions to speed up analysis in Azure Sentinel
• msticpy - Python Defender Tools
• Time Series visualization of Palo Alto logs to detect data exfiltration
• Importing Sigma Rules to Azure Sentinel
• Looking for unknown anomalies - what is normal? Time Series analysis & its applications in Security
• Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 3
• Sending REST API data to Azure Sentinel
• Time series analysis applied in a security hunting context
• Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 2
• Integrating Azure Security Center with Azure Sentinel
• Why Use Jupyter for Security Investigations?
• Security Investigation with Azure Sentinel and Jupyter Notebooks – Part 1
• Azure Sentinel: Performing Additional Security Monitoring of High-Value Accounts

Community Blogs

• Boost Your TI: Integrating Free AlienVault OTX IOCs into Microsoft Sentinel
• Sentinel Watchlists: A Diamond in the rough
• The KQL User Audit Playbook: Your Template for Investigations
• Protecting Your Microsoft Sentinel Solution from Deletion or Corruption
• SentinelCodeGuard: A Journey from Concept to VS Code Plugin
• SentinelCodeGuard: Revolutionising Microsoft Sentinel Rule Development
• Simplifying Azure Log Analytics Table Retention Management: A Modern Approach
• Automate IP enrichment in Microsoft Sentinel incidents with IP Quality Score (IPQS)
• Revolutionizing Threat Intelligence in Microsoft Sentinel: Transitioning to Enhanced Modeling and Advanced Threat Hunting
• Sentinel-ThreatIntelIndicators-Migration
• Automating Security: Creating Microsoft Sentinel Watchlists from Entra ID Group Membership
• Restricting Deletions of Incidents in Sentinel
• Monitoring your DevOps platform
• Azure DevOps Auditing with Sentinel
• Azure DevOps Service security monitoring using Azure Sentinel
• Use Cases For Sentinel Summary Rules
• Microsoft Sentinel Summary KQL deep dive (From Beginner to Advanced KQL)
• Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
• Optimize Microsoft Sentinel Log Retention with Azure Data Explorer
• Ingest Firewall logs into Sentinel Auxiliary Logs tier using Logstash with only $0.10/GB
• Demistifying Microssoft Sentinel Multi-Tier logging
• Deep Dive into Microsoft Sentinel Summary Rules
• SOC Optimization in Microsoft Sentinel
• Secure your Microsoft Sentinel playbooks with managed identities
• Split up your logs with $pl1tR
• Unlimited Advanced Hunting for Microsoft 365 Defender with Azure Data Explorer
• Unlimited Advanced Hunting for Microsoft 365 Defender with Azure Data Explorer – Part II
• Microsoft Sentinel ASIM Parser demystified
• Microsoft Sentinel - Azure LightHouse
• Microsoft Sentinel - Your First Instance
• Part 1 : Threat Detection Engineering and Incident Response with AuditD and Sentinel — along how to understand and use AuditD
• Part 2: Threat Detection Engineering and Incident Response with AuditD and Sentinel — Combine Events by ID with Laurel before sending to Sentinel as JSON and Parser for event searching and alert building
• How to: KQL Parsing AuditD Syslog in Microsoft Sentinel with a function and combining the events by EventID
• Microsoft Azure Sentinel 101: Automatically add TLP(Traffic Light Pattern) to Incidents with logic apps/playbooks and automation by query tagging.
• Microsoft Azure Sentinel 101: Dynamically update and change Alert/Incident Severity — based on query results with automation or logic apps for all alerts
• Microsoft Azure Sentinel 101: Update alert descriptions dynamically without limits — Unlimited meta data options with helpful content.
• Maintaining Microsoft Sentinel Analytic Rules in JSON and YAML with GitHub Actions
• Enriching Microsoft Sentinel tables with eligible Entra directory roles
• Defending Azure Active Directory with Azure Sentinel
• Keep an eye on your Azure AD guests with Microsoft Sentinel

Playbooks

• Synchronize TOR Exit Nodes to Azure AD Named Location List using the free Big Data Cloud API
• SentinelPlaybooks - Rod Trent
• Sentinel Automation - Bert Jan

GitHub

• Microsoft Sentinel Scout
• SentinelBlog
• GitHub Repo from Seyed A Nouraie
• Microsoft Azure Log Analytics Table Retention Update Script
• Sentinel TI Upload Toolkit
• API samples
• Microsoft Sentinel and Microsoft 365 Defender
• Microsoft Sentinel To-Go!
• Sentinel ATT&CK
• Microsoft Sentinel Notebooks
• Microsoft Sentinel Triage AssistanT (STAT)
• Microsoft Sentinel - SEC Operations
• Log Splitr
• Azure DevOps detection rules
• ASIM Parsers Index

Tools

• Sentinel Data Lake Cost Calculator

Learning and Training

• Optimizing Your Security Operations: Manage Your Data, Costs and Protections with SOC Optimizations
• Optimizing your SOC's threat coverage and data value

Documentation

• Migrate from the HTTP Data Collector API to the Log Ingestion API to send data to Azure Monitor Logs