Common topics that come up when partners, specifically MSSPs, are testing Microsoft Sentinel features to evaluate its SIEM and SOAR capabilities. Part 1.
Category Archives: sentinel
My adventures with Sentinel and the OpenAI Logic App Connector
Sentinel automation playbooks using the OpenAI Logic App connector.
MSSPs and Identity: Q&A
Follow-up to the previous blog post to answer common questions on MSSPs and Identity
MSSPs and Identity
Identity configuration recommendations for MSSPs.
Sentinel Repositories
A quick introduction to Sentinel Repositories.
Safely integrate playbooks with custom APIs when there is no pre-built Logic App connector.
How to create a custom Logic App connector so you can store your API key securely and use it within your playbooks when there is no pre-built connector.
Azure Lighthouse and Sentinel: Assigning access to managed identities in the customer tenant
MSSP – To trigger playbooks in customer tenants, you sometimes need to assign the managed identities of those playbooks permissions to execute actions within the customer tenant. This post covers the steps to configure the access required to assign those roles, and the steps to assign the roles themselves.
Delegate access using Azure Lighthouse for a Sentinel POC
Steps to delegate access to users on another tenant for a Sentinel POC using Azure Lighthouse.
Disguising data
Testing the new ingestion time transformation features in Microsoft Sentinel.
Leave it open and they will come
A story of how I left an RDP port wide open (oops!) and MDC and Sentinel came to my rescue when my resource was attacked.