Discussing various Sentinel and Defender XDR detections related to multi-tenant applications, including the ones that are possible and the ones that are not.
Author Archives: Angelica Faber
Playing with Copilot Studio – Part 2
My initial adventures with Copilot Studio. Part 2 is on AI Plugins, specifically, a very simple Security prompt I created.
Playing with Copilot Studio – Part 1
My initial adventures with Copilot Studio. Part 1 is about Topics, specifically, a very simple Security Topic I created.
Sentinel alert if SMS is re-enabled
Raising Sentinel alerts if SMS is re-enabled in your tenant.
Sentinel: SSE logging and alerting
Raising Sentinel alerts for events from Microsoft's new Security Service Edge (SSE).
Initial Assessment: Connecting the dots with AOAI
A playbook to generate a security incident’s initial assessment where Azure OpenAI connects the dots for the junior SOC engineers.
Brainstorming with AOAI: Tackling False Positives
A playbook for SOC engineers to brainstorm with Azure OpenAI on ways to improve the quality of security alerts and prevent false positives.
Improving my MSSP SOC chatbot
Documenting a few improvements to the SOC chatbot I created in my previous post. Specifically, keeping the chatbot's grounding information up to date using a Cognitive Search recurring indexer.
Investigation suggestions from related incident comments & a SOC chatbot with Azure OpenAI
Generating Sentinel incident investigation suggestions based on comments from closed related incidents using a custom Logic App that connects to Azure OpenAI. And for some additional grounding, a little RAG for a chatbot that knows a lot about my customers.
Sentinel Incident Report using Azure OpenAI
Generating an Incident Report based on data from a Sentinel incident using a custom Logic App that connects to Azure OpenAI (gpt-3.5-turbo and gpt-4).