Plan types now show up in the Usage table
The Usage table now exposes plan information, making it much easier to break down Microsoft Sentinel ingestion by Analytics, Basic, and Auxiliary with native KQL.
Read more →
security automation blog
newest posts
AADGraphActivityLogs is now available
Quick notes on the new AADGraphActivityLogs table, sample data generation with AADInternals and ROADtools, and some starter queries.
Read more →
A Guide to Presenting Stuff, sort of
A semi-practical guide to how presenting better helps you learn, whether you're on stage, in a meeting, or just trying to explain a technical idea clearly.
Read more →
How to use Log Horizon to improve Microsoft Sentinel posture
A tutorial to using the Log Horizon tool to get an overview of your Microsoft Sentinel deployment, including logs, detection and Defender XDR integration.
Read more →
Tools and repositories
log-horizon
Microsoft Sentinel SIEM log source analyzer. Classifies tables, scores cost-vs-detection value, and generates recommendations.
PowerShell
19
MicrosoftSentinel-Scripts
Repository for publishing scripts related to Microsoft Sentinel.
PowerShell
8
misp2sentinelone
Proof of concept PowerShell functions for sending TI from MISP to SentinelOne.
PowerShell
7
DarkLighthouse
Simple tool to detect Azure Lighthouse delegations and automate persistence setup.
PowerShell
6
rustymisp2sentinel
Rust tool for sending threat intelligence from MISP to Microsoft Sentinel.
Rust
2
pwshmisp
Module for interacting with a MISP server using PowerShell.
PowerShell
misp-filter-builder
Web app for building MISP warninglist filters quickly and safely.
TypeScript
pwshuploadindicatorsapi
PowerShell module for sending indicators of compromise to the Upload Indicators API (Microsoft Sentinel).
PowerShell
MicrosoftSentinel-Templates
Collection of ARM and other templates for Microsoft Sentinel.
JSON