Microsoft Sentinel Cost Management: How to get insights in data lake usage
Microsoft announced the public preview of Microsoft Sentinel Cost Management at Microsoft Ignite 2025. The new feature brings more in-depth cost visibility into the usage of Sentinel and Sentinel Data Lake. With the release of Microsoft Sentinel data lake, it...
How to store Defender XDR data for years in Sentinel data lake without expensive ingestion cost
In recent years, an increasing number of customers have requested options to extend retention in Microsoft Defender XDR beyond the default 30 days at a low cost, all with the requirement of having the KQL experience available. Blog information: Feature is...
Microsoft Sentinel data lake: How to use/enable and set-up the unified data lake
Microsoft released the new Microsoft Sentinel data lake in public preview this month. With the data lake feature, it is possible to scale and store data more easily for less cost. The new Microsoft Sentinel data lake is a new...
Deploy Sysmon and collect additional data with Sentinel and the AMA agent
System Monitor (Sysmon) is one of the most common add-ons for Windows logging. With Sysmon, you can detect malicious activity by tracking code behavior and network traffic. Sysmon is part of the Sysinternals package and is owned by Microsoft. Sysmon...
Which data connector and activity is free in Microsoft Sentinel?
After the initial onboarding of Microsoft Sentinel, connectors can be used for ingesting data. Microsoft invested in pre-built connectors which can be used for adding data/events correctly in Microsoft Sentinel. For a large set of Microsoft products, there are connectors...
Use automation/playbooks in Microsoft Sentinel during incident update activity using update triggers
Automation is critical for modern SOC environments to handle the volume of upcoming threats and manage day-to-day tasks. Ideally most of the features are automated in Microsoft Sentinel during the incident creation, enrichment, update, and closure. For quite some time...
What happens without RDP protection after 24+ hours in Microsoft Sentinel & Microsoft security products
For many years, abuse of Remote Desktop Protocol (RDP) has been the most common root cause of all ransomware events. At the moment one of the most common attacks against VMs in Azure/AWS or other clouds is based on...
Protecting Microsoft Teams with Microsoft Sentinel
The use of Microsoft Teams and other online collaboration tools has increased massively in the last 2-3 years. Working from home became the new normal in most work environments, and securing IT cloud environments has changed accordingly. Recent changes in Microsoft Teams bring more...
Collect Security Events in Microsoft Sentinel with the new AMA agent and DCR
The Microsoft Sentinel Data Connector that utilizes the modern agent (AMA) for collecting Windows Security Events has been generally available for a couple of months. The Log Analytics/MMA agent will be retired in 2024, which seems like a long way off....
Monitor Microsoft Sentinel Data Connectors using Health Monitoring and Logic App
Microsoft announced a new public preview which contains the new Microsoft Sentinel Health Monitoring feature. Microsoft Sentinel now provides the SentinelHealth data table to help monitor the connector health and provides some insights which are interesting for further monitoring. Important: Feature currently...