Raising Sentinel alerts if SMS is re-enabled in your tenant.
Category Archives: sentinel
Sentinel: SSE logging and alerting
Raising Sentinel alerts for Microsoft's new Security Service Edge (SSE) events.
Initial Assessment: Connecting the dots with AOAI
A playbook to generate a security incident's initial assessment, where Azure OpenAI connects the dots for junior SOC engineers.
Brainstorming with AOAI: Tackling False Positives
A playbook for SOC engineers to brainstorm with Azure OpenAI on ways to improve the quality of security alerts and prevent false positives.
Improving my MSSP SOC chatbot
Documenting a few improvements to the SOC chatbot I created in my previous post, specifically keeping the chatbot's grounding information up to date using an Azure Cognitive Search recurring indexer.
Investigation suggestions from related incident comments & a SOC chatbot with Azure OpenAI
Generating Sentinel incident investigation suggestions based on comments from closed related incidents, using a custom Logic App that connects to Azure OpenAI. And, for some additional grounding, a little RAG for a chatbot that knows a lot about my customers.
Sentinel Incident Report using Azure OpenAI
Generating an Incident Report based on data from a Sentinel incident using a custom Logic App that connects to Azure OpenAI (gpt-3.5-turbo and gpt-4).
Global watchlists?
Managing lists globally and locally, i.e., on a customer-by-customer basis, using Sentinel watchlists and the KQL externaldata operator.
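As an added illustration of the global-versus-local pattern (example query written for this page, not code from the post): a global allow list is served to every customer workspace via externaldata from a CSV, a local allow list lives in that customer's own watchlist, and the two are unioned before being used as a filter. The blob URL, the watchlist alias LocalAllowedIPs, and the CSV column names are assumptions for the example.

```kql
// Global list: one CSV shared by all customer workspaces, pulled at query time.
// The URL and column layout are constructed for this example.
let GlobalAllowedIPs = externaldata(IPAddress:string, Note:string)
    [@"https://example.blob.core.windows.net/lists/global-allowed-ips.csv"]
    with (format="csv", ignoreFirstRecord=true);
// Local list: a watchlist maintained in this customer's workspace.
// Alias 'LocalAllowedIPs' is assumed; SearchKey is the column chosen as the
// watchlist's search key when it was created.
let LocalAllowedIPs = _GetWatchlist('LocalAllowedIPs')
    | project IPAddress = tostring(SearchKey);
// Merge both lists into a single-column tabular expression for use with !in.
let AllowedIPs = union (GlobalAllowedIPs | project IPAddress), LocalAllowedIPs
    | distinct IPAddress;
// Example consumer: successful sign-ins from addresses on neither list.
SigninLogs
| where TimeGenerated > ago(1d)
| where ResultType == 0
| where IPAddress !in (AllowedIPs)
| summarize SignIns = count(), Users = make_set(UserPrincipalName, 20) by IPAddress
| order by SignIns desc
```

Because externaldata is evaluated on every run, a change to the shared CSV takes effect in all customer workspaces at once, while a watchlist edit affects only the workspace it lives in; the union is what lets one analytic rule honor both without per-customer query changes.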
Sentinel Playbook and Azure OpenAI
Sentinel automation playbooks using a custom Logic App connector that calls the new API with gpt-3.5-turbo and gpt-4, this time against Azure OpenAI rather than OpenAI. The playbook creates incident tasks generated by AOAI.
Sentinel POC – Architecture and Recommendations for MSSPs – Part 2
Common topics that come up when partners, specifically MSSPs, are testing Microsoft Sentinel features to evaluate its SIEM and SOAR capabilities. Part 2.