A few months ago, Microsoft introduced a new functionality in the Sentinel Analytics Rules which can be used to dynamically define values in incidents. Instead of hardcoding values like the name of the incident or its description, one can specify the content based on the KQL-query used for alerting. …

The Mitre Att&ck framework is frequently utilized by Security Operation Centers to describe the behavior of the threat or to display detection capabilities. Because of the widespread use of the framework, a lot of Security vendors introduced it in their tooling. Azure Sentinel also has some …

When you investigate a malicious site opening or malicious file download, oftentimes you want to find out how your user got there. Checking the referrer information in proxy logs is one of the most trivial things to do if you want to identify the root cause, the initial site. Unfortunately, there …