Near-Real-Time rule restrictions
Near-Real-Time (NRT) rule is a pretty new addition to Microsoft Sentinel. There are already blog posts out there detailing the…
Jan 24, 2022

HoneyDoc with Azure and Remote Template Injection
This post is to show you a practical implementation of a prototype honeytoken which is based on Remote Template Injection and Azure…
Jan 9, 2022

(Ingestion-) Time will tell
When you handle logs in a SIEM, times are really important. It doesn’t matter whether you investigate alerts, or you create a detection…
Oct 1, 2021

Per-Table retention in Sentinel
The log retention period in any SIEM can have a big impact on your cost as well as your investigation and threat hunt capabilities…
Aug 26, 2021

The best Commitment Tier for your Sentinel
A SIEM is the foundation of a modern, well-working SOC. This also means a significant part of the SOC budget can be the cost of the SIEM…
Aug 17, 2021