security automation blog

So this is mostly a self reference post about the action button in Defender XDR when you select rows returned from an advanced hunting query. I’ve used it in the past, but not really thought about it. I did some light digging and based on this article it’s most likely... [Read More]

Data lake is here, rejoice. It also brings up a bunch of questions, like do I still need Microsoft Sentinel? Yes. Is this just auxiliary logging done well without a lot of complications, like not being able to use the “new” Azure Monitoring Agent and instead having to lean on... [Read More]

I recently did a presentation with the same title as this post and figured it would be a good idea to also type out some of the points made there, as I think it’s valuable. I’ve split it up into three sections (don’t worry, it won’t be three parts) that... [Read More]

Jumping straight into this one, custom detection rules are similar to analytic rules in Microsoft Sentinel, but allow us a limited option of response actions instead of automation rules and playbooks currently. [Read More]

Welcome back! This time, I’m writing a contribution to the Azure Spring Clean running in March 2025. It’s a community effort, so very happy to contribute. Please visit Azure Spring Clean for more content from the community! [Read More]