Microsoft Sentinel is based on the Azure stack and thus billed as part of your Azure consumption. It is important to be wary of the monthly cost as it can quickly expand if it is not being watched carefully. In this blog, we provide practical advice on how to manage and optimize your costs in Sentinel.
Ransomware protection isn’t about a single solution; it’s a layered defense strategy. In this article, we explore a few recommendations that organizations can use to significantly reduce risk and combat ransomware in their tenant.
With AiTM phishing attacks on the rise, it is important to have procedures in place to combat future attacks. In this article, we explore three different ways to protect against token theft using Conditional Access.
In this episode of Practical Sentinel, we dive into the MITRE ATT&CK framework and how to integrate it within your environment through Microsoft Sentinel & Defender XDR.
Like all cloud services, Microsoft Sentinel can fail from time to time. In this blog, we dive into how to find and fix these issues using the Microsoft Sentinel Health feature, which enables monitoring for analytic rules, automation rules, and data connectors.
In this episode of Practical Sentinel, we explain how to use Microsoft Sentinel’s SOAR capabilities to build automation on top of networking data through enrichments, automated actions, and threat intelligence integrations.
In this blog, Thijs Lecomte dives into how to protect you public-facing infrastructure with Microsoft Defender's External Attack Surface Management tool.
After identifying what networking data you should ingest into Sentinel, the next step is to start creating alerts and incidents using the data. And that is exactly what we cover in this episode of Practical Sentinel.
In this episode of Practical Sentinel, Thijs describes the different ingestion methods, how to choose the best method, and advises how to filter the ingested data.
Over the last year, Microsoft has released several new features to make management of inactive devices easier. In this blog, we review these features and build off our original blog post on "Handling Inactive Devices in Microsoft Defender for Endpoint."
Are you looking to ingest your data into Sentinel? In this episode of Practical Sentinel, we review use cases and tips for ingesting networking data into Sentinel.
In this episode of Practical Sentinel, Thijs Lecomte discusses how to create some basic KQL queries to track MFA usage.
