Blog

Saving cost through parsing

When selecting a new security technology, cost is a crucial factor. No matter how effective a tool may be, it becomes irrelevant if it’s unaffordable for you. As a result, it is critical to have someone …

Defender for Cloud Sentinel connectors review

A slightly different version of this article appeared on BlueVoyant’s website. Click on this link to read it there: https://www.managedsentinel.com/defender-for-cloud-and-defender-xdr-connectors-in-sentinel/ Alternately, …

The cost of a watchlist

Sentinel’s watchlist is a collection of entities that can be used to correlate your logs with a rarely changing data set. Although watchlists can be updated via the Azure Portal GUI or even its API, watchlists are …

Log splitting with Data Collection Rules

The initial release of this article appeared on BlueVoyant’s website. Click on this link to read it there, along with some lovely diagrams: https://www.managedsentinel.com/log-splitting-with-data-collection-rules/ …

Ingestion delay variance issues with Bins and Buckets

I’m pretty sure you’ve already dealt with the ingestion delay issue if you use a SIEM with scheduled rules. There are numerous articles on the internet that explain how to handle ingestion latency without …

How to stop cross-tenant log forwarding? (you cannot)

You may want to forward Azure resource logs to a different tenant from time to time. Fortunately, using the Diagnostic settings option in Azure to forward (at least some of the) logs to another tenant is quite simple. I …

Automated Archiving configuration with Function App

Archiving is a fairly new feature in Sentinel that was introduced to help you decrease the cost of your long-term data retention for events that are not used or only rarely used. Previously, you either retained your data …

Ingestion-Time Data Transformation in Sentinel

Lately, each month, I see a new feature from Microsoft that I think is going to be a game-changer for Sentinel. And again, there is a new one that was introduced a month ago, and I think it could be a feature that moves …

The hidden dangers of NFTs

“NFT” was the buzzword in the crypto scene in the last few years. The technology is new, and an incredible number of new and inexperienced people have started to work with it. The huge developer community in …