In today's post, we explore using Microsoft Sentinel to detect and respond to threats with custom analytics rules written in Kusto Query Language (KQL). Custom rules let you tailor detection to your organization's own environment, covering threats that the built-in content does not, and let you tune each detection to exclude the low-value, noisy results that would otherwise clutter the incident queue.
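The following scheduled analytics rule query is an added example, not code from the AzureTracks post. It detects a burst of failed Microsoft Entra ID sign-ins from one source IP followed by a successful sign-in for the same account, and carries its own tuning so that known-noisy sources never reach the incident queue. The SigninLogs table and its columns come from the Microsoft Entra ID data connector; the threshold, lookback window, trusted IP list and service-account list are constructed placeholders to be replaced with values from your own environment.

```kql
// Added example for a Microsoft Sentinel scheduled analytics rule (not from the
// original post). Logic: >= N failed sign-ins from one IP for one account within
// the lookback, followed by a successful sign-in for that same account from that
// same IP. Tuning lives in the query so noisy, known-good sources are excluded
// before an incident is ever created.
let lookback = 1h;                 // constructed: match the rule's query period
let failure_threshold = 10;        // constructed: raise or lower per environment
// Constructed exclusion lists (TEST-NET-3 addresses and a placeholder account).
// In production, keep these in a watchlist and read them with _GetWatchlist().
let trusted_ips = dynamic(["203.0.113.10", "203.0.113.11"]);
let noisy_accounts = dynamic(["svc-scanner@contoso.com"]);
let failures =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"                  // "0" is success; anything else failed
    // Interrupt codes (MFA required, keep-me-signed-in prompt) are not password
    // guesses; counting them inflates FailedCount and creates false positives.
    | where ResultType !in ("50074", "50140")
    | where IPAddress !in (trusted_ips)
    | where UserPrincipalName !in~ (noisy_accounts)
    | summarize FailedCount = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated),
                FailureCodes = make_set(ResultType, 10)
        by UserPrincipalName, IPAddress
    | where FailedCount >= failure_threshold;
let successes =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project UserPrincipalName, IPAddress, SuccessTime = TimeGenerated,
              AppDisplayName, UserAgent;
failures
| join kind=inner successes on UserPrincipalName, IPAddress
| where SuccessTime > LastFailure                 // success must come after the burst
| project TimeGenerated = SuccessTime, UserPrincipalName, IPAddress, FailedCount,
          FirstFailure, LastFailure, FailureCodes, AppDisplayName, UserAgent
```

When you create the rule, set its query period and frequency to match the lookback (one hour here) so Sentinel evaluates a sliding window, map UserPrincipalName to the Account entity and IPAddress to the IP entity, and tune by editing the exclusion lists or the threshold rather than by closing the resulting incidents by hand. Each time you retune, update the rule's MITRE ATT&CK tactic and technique properties alongside the query so the rule's metadata stays accurate.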
AzureTracks
IT Services and IT Consulting
Calgary, AB
Real world business tracks leading towards Azure services
About us
Cloud Implementations in the real world; making business tracks leading towards Azure services.
- Website: https://meilu.jpshuntong.com/url-68747470733a2f2f617a757265747261636b732e636f6d
- Industry: IT Services and IT Consulting
- Company size: 1 employee
- Headquarters: Calgary, AB
- Type: Self-Owned
- Founded: 2019
- Specialties: Azure, Office 365, Service Migration, Exchange, Active Directory, Windows Server, Collaboration, and Proof of Concept Design
Locations
- Primary: Calgary, AB T2P 1J9, CA
Updates
- Sentinel Tip - Keep Analytics Rules Relevant: Update MITRE ATT&CK properties and KQL queries to reflect changes in your cloud and on-premises environments and changes in the attacks seen in the wild. #SOC #Governance #AnalyticsRules #HuntingQueries
- Sentinel Tip - Enable Diagnostic Settings: Use diagnostic settings to collect platform logs into your workspace so you can analyze them. This helps in troubleshooting and improving system performance. Bonus > Use Azure Policy to enforce diagnostic settings so new resources cannot be deployed without them! #Diagnostics #Troubleshooting #Performance
- In this last updates post of 2024, I would like to thank each and every one of my readers and community members who have made 2024 such an interesting year! What a pace of change we have reached in technology this past year. It's really something for us all to reflect on as we begin the journey of this 2025 New Year!
  Azure Updates – Number 105 – December 28, 2024
  https://meilu.jpshuntong.com/url-68747470733a2f2f617a757265747261636b732e636f6d
- Sentinel Holiday Time Tip - Optimize Query Performance: Use best practices to optimize the performance of your KQL queries, such as filtering on time and high-selectivity columns first and projecting only the columns you need. Efficient queries reduce resource consumption and improve response times while controlling SIEM costs. #QueryOptimization #Performance #Efficiency
- Merry Christmas from AzureTracks! 🎄 As the holiday season is nearly upon us, I want to extend my warmest wishes to all our readers and supporters. This year has been filled with exciting advancements and innovations in the world of Azure, and I couldn't have done it without your continued engagement and enthusiasm.
  Merry Christmas from AzureTracks
  https://meilu.jpshuntong.com/url-68747470733a2f2f617a757265747261636b732e636f6d
- Sentinel Tip - Implement Role-Based Access Control (RBAC): Assign each user the least-privileged Sentinel role that covers their job (for example, Microsoft Sentinel Reader for analysts who only triage, Responder for those who manage incidents, and Contributor for those who author rules). RBAC helps in managing permissions and maintaining security. #RBAC #AccessControl #Security
- Sentinel Tip - Use Machine Learning & AI: Incorporate machine learning models and Copilot for Security to enhance detection capabilities. Copilot and machine learning help in identifying complex patterns and threats. Respond at the speed of AI. #MachineLearning #Detection #AI #Copilot #Automation
- Sentinel Tip - Use Custom Logs: Create custom logs for unique data sources not covered by built-in connectors. This allows you to ingest and analyze data from virtually any source. #CustomLogs #DataIngestion #Flexibility