Tag: Azure Sentinel
Explore:
What is a ‘security culture’? Best practices for implementing your security strategy
Over 100 million attacks against remote management devices were observed in May 2022. Today, a Zero Trust security approach is crucial in a world of remote work.
Azure Workbook: This will show Public IP Address that you have
This Azure Monitor Workbook can help identify by using KQL (Kusto Query Language) data from AzureActivity and Azure Resource Graph (ARG) which IP addresses are configured and when. Tip you can also use the queries to form an Alert in Azure Monitor or Azure Sentinel to detect when a IP address is made public. Log Analytics: Queries, how to find and run them in a Workbook – part 2
I hadn’t intended a Part 2 on this topic, but I also managed to add Tabs into the “FindMySyntax” Workbook for Azure Monitor Workbooks and Azure Resource Graph. Please see part1: http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2020/06/18/log-analytics-kql-saved-queries-how-to-find-and-run-them-in-a-workbook/ For future versions please look here: https://github. Log Analytics Workspace Retention Reporting Options (Part 2)
In my previous post I talked about using Postman to make a REST API call to a Log Analytics workspace to view and change the retention settings. Equally I mentioned that I would look to utilise an Azure Monitor workbook to visualise the settings. Log Analytics: KQL saved Queries, how to find and run them in a Workbook
Summary Log Analytics has a option called Query Explorer (note, this is due to be updated, so this example is applicable for a short period of time). If like me you have 100’s of saved queries, managing them can be a challenge (my #1 challenge! Log Analytics Workspace Retention Reporting Options (Part 1)
Hi all, This is the first of two posts that I will be doing on how you can report on the Retention settings of an Azure Log Analytics workspace. In the second post I will provide a sample Workbook for displaying the settings. Log Analytics or Azure Sentinel – how schedule a report
In this post I show how you can schedule a report to run, using a Log Analytics query, its a frequent ask and one I have answered a few times in posts like this: https://techcommunity.microsoft. Audit at scale. Workspaces and Azure Security Center
A few times this week I’ve had two discussions. How is my Azure Security Center (ASC) licenced and configured? And how many workspaces do I have, and what retention policy is set. Log Analytics: Improved rendering of Charts
Hi all, I just found out today that the Render operator now supports more features in Log Analytics. Azure Sentinel: Adding the query data to an Alert in a Playbook
Azure Sentinel Playbooks (based on Logic Apps) are commonly used to take Alert data and perform a Security Orchestration, Automation and Response (SOAR) capability For this issue (I was asked about it twice today so decided to post the answer).