Microsoft Sentinel - Collecting Common Event Format (CEF) via AMA Data connector.
Microsoft Sentinel provides Common Event Format (CEF) via AMA connector to quickly filter and upload logs in the Common Event Format...
top of page
READ ABOUT CUTTING EDGE TECHNOLOGIES, AND CLOUD COMPUTING.
Scroll down to read about Cloud Technologies.
Blogs on Futuristic Technologies, Cloud Computing, Azure Cloud, Azure Security, Azure Monitor, Azure Sentinel, Azure Log Analytics, Azure Automation, Azure Defender, KQL and many other things.
LEARN AND GROW
Learn and Grow
Search
Keshav Jain
- Dec 16, 2022
- 1 min
Collecting CEF log using Azure Monitor Agent (AMA agent). Unable to install CEF collector on RHEL8.
We were working on configuring the Data Connector "Common Event Format (CEF) via AMA" in Microsoft Sentinel . While running the CEF...
53 views0 comments
Keshav Jain
- Oct 10, 2022
- 1 min
Error "Failed to list classic administrators of subscription" while deploying the Service offer.
Below listed error might appear while deploying the ARM template in MSSP environment for managing the Sentinel using the Azure...
14 views0 comments
Keshav Jain
- Aug 4, 2022
- 1 min
Granted permission “Sentinel Reader” or “Sentinel Responder” but the Sentinel is not visible ?
I often ran in scenario where I granted permission “Log Analytics Reader” and “Microsoft Sentinel Reader” or “Microsoft Sentinel...
44 views0 comments
Keshav Jain
- Jun 22, 2022
- 2 min
Monitoring the health of the Microsoft Sentinel Data connectors
Monitoring the health of the Microsoft Sentinel Data connector Data is sent to the Microsoft Sentinel workspace by configuring the...
184 views1 comment
Keshav Jain
- Jun 1, 2022
- 1 min
Microsoft Defender Vulnerability Management
With the launch of ‘Microsoft Defender Vulnerability Management’, Microsoft has added more power to the Defender suite. Now,...
123 views0 comments
Keshav Jain
- Feb 28, 2022
- 2 min
Managing cross Tenant Sentinel Workspace using the Azure Light House capabilities.
This blog talks about configuring the test environment for the Azure Lighthouse and Sentinel. Here I am sharing my learning. This is...
100 views0 comments
Keshav Jain
- Dec 1, 2021
- 1 min
Integrating Microsoft Defender with Microsoft Sentinel
Learn how to integrate the Microsoft Defender Data Connectors in Microsoft Sentinel. https://www.youtube.com/watch?v=hZ1CxNRpFWM&t=1726s
75 views0 comments
Keshav Jain
- Nov 19, 2021
- 2 min
Azure Sentinel - Security Incident Closure Reports
While working as a part of the SOC, its very important to fetch weekly, monthly reports on Closed incidents. Here is this blog I composed...
424 views0 comments
Keshav Jain
- Nov 10, 2021
- 1 min
Identifying the TorNodes IP address using the Azure Sentinel.
Tor IP addresses are tunneled through other devices on the Tor network with "Onion Routing". This prevents a user's real IP address from...
690 views4 comments
Keshav Jain
- Nov 8, 2021
- 1 min
Azure Sentinel will now be known as 'Microsoft Sentinel'
Name changes that Microsoft has announced at Ignite 2021. Azure Sentinel Microsoft Sentinel Azure Defender and Azure...
35 views0 comments
Keshav Jain
- May 29, 2021
- 1 min
Configure the Azure Sentinel.
Learn how to configure Azure Sentinel. If you are preparing for SC200 examination then its important to learn how to configure the Azure...
78 views0 comments
Keshav Jain
- May 22, 2021
- 1 min
Learn how to write your first KQL query!
KQL is quite important in Azure SECOPS domain. Azure Sentinel, Azure Monitor, Defender suite, etc. are powered by KQL . Sometime when...
138 views0 comments
Keshav Jain
- Mar 28, 2021
- 1 min
Azure Sentinel KQL Query to generate report of Users and Authentication Methods they have used.
Below KQL query will generate the report that generate report of Users and Authentication Methods they have used. SigninLogs | extend...
480 views0 comments
Keshav Jain
- Mar 24, 2021
- 2 min
Azure Sentinel Playbook Code for pulling up the IP Address from the Alert.
{ "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",...
291 views0 comments
Keshav Jain
- Mar 2, 2021
- 1 min
KQL Query in Sentinel to generate report of Users and details the Authentication Methods they have u
SigninLogs | extend authenticationMethod_ = tostring(parse_json(AuthenticationDetails)[0].authenticationMethod) | extend...
227 views0 comments
Keshav Jain
- Feb 16, 2021
- 1 min
Azure Sentinel Defender Connectors Explained.
I have been working on the Sentinel for quite a long. Off late I got a task to explore the Defender Connectors. When I looked first into...
646 views0 comments
bottom of page