Welcome to AzureVlog! Your one-stop destination for all things Microsoft Security. From mastering KQL to streamlining incident response, Microsoft Sentinel and Defender for Endpoint, we've got you covered. Join me as I explore the endless possibilities of AI in Security and delve deeper into the world of cybersecurity. Subscribe now for valuable and informative content that will enhance your Microsoft Security skills 💻🔒 #MicrosoftSecurity #MicrosoftSentinel #Cybersecurity
Comments
awesome content
Hi, I'm always trying to replicate in a lab all your videos, so that I can truly learn and understand, Thanks a lot for all your videos. Can you provide more details on the App Registration and on the "Parse JSON" action? I'm stuck in those two...
I think Sentinel can automatically do this now... saw a video about auto integration with VirusTotal
really nice, really cool
Just what I needed to onboard my first servers using Defender for Cloud tomorrow.
It always says the following error: "Can't get account information. Try again in a few minutes. If the issue persists, contact an administrator." Please help me.
How do you connect and set up the Azure Firewall?
The problem is this is very expensive. 😂
Congratulations on your channel; it's helping me a lot. It's always bringing new information and helping those who want to stay updated in the world of Microsoft cybersecurity. You are very good! Thank you for sharing with us
In the Sentinel log, nothing is appearing in the OperationName column. What should I do?
Nice introduction, I'm looking forward to seeing some of the uses for Copilot for Security. I just deployed it in my tenant and began using it. I'm currently working on having it automatically provide an executive summary for incidents using the one from the promptbook. Since there isn't a way to run a whole promptbook automatically, I am writing a Logic App in Sentinel that basically runs each prompt of that promptbook, and will continue using the same session ID for each one until the executive summary is complete. Then, it can add the summary to the incident as a comment. Since this normally takes some time, having it run automatically so the comment is already present by the time you review the incident will be nice. Another tip to optimize SCU resource utilization is to limit using Copilot for queries. If there is something that can be defined by a KQL query, you can do that and feed the results to Copilot instead of asking it to do that query. For example, instead of saying "Go back and tell me about Security Incidents in Sentinel that happened in the last 12 hours", you can run a KQL query to return the Incident numbers during your desired time, and then instead ask Copilot "Tell me about the following Security Incidents" and then list the KQL results. This way Copilot doesn't have to use resources to figure out simple things like "what time is it now and how far is 12 hours back" and "What incidents were created in that time range". Cheers!
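The KQL pre-filtering step described in the comment above, written out as an added example (not code from the video or the commenter). It assumes the standard SecurityIncident table in a Sentinel workspace, and builds the incident list into a single string that can be handed to Copilot as the prompt:

```kql
// Constructed example: open incidents created in the last 12 hours,
// one row per incident, assembled into a ready-to-paste prompt so that
// Copilot for Security does not have to work out the time window itself.
let lookback = 12h;
SecurityIncident
| where TimeGenerated > ago(lookback)
// SecurityIncident stores one row per update; keep only the latest state
// of each incident, otherwise the same incident is listed several times.
| summarize arg_max(LastModifiedTime, *) by IncidentNumber
| where CreatedTime > ago(lookback)
| where Status != "Closed"
// Severity is a string, so alphabetical ordering would put "Informational"
// before "Low"; rank it explicitly instead.
| extend SevRank = case(Severity == "High", 1,
                        Severity == "Medium", 2,
                        Severity == "Low", 3,
                        4)
| order by SevRank asc, CreatedTime desc
| project Line = strcat("#", tostring(IncidentNumber), " [", Severity, "] ", Title)
| summarize Incidents = make_list(Line)
| project Prompt = strcat(
    "Tell me about the following Security Incidents: ",
    strcat_array(Incidents, "; "))
```

The resulting Prompt column is what the Logic App would pass to Copilot; the intermediate rows before the final summarize are also useful on their own if you only need the incident numbers.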
I need to be able to collect and change alerts' status from an external alert management system. Should I use Graph Security API or Azure Management API? What are the prerequisites for the Sentinel alerts appearing in the graph API? Thanks!
Tried this; it said it no longer works as the OpenAI model is deprecated. Is there any workaround?
Can you make a video to show how to auto-add IP addresses or URLs detected in your TI feed to your org's block list automatically?
Security Copilot is not living up to the potential promised in the current version. It cannot decode base64 and it cannot decode a PowerShell obfuscated script if it has more than a few words. The limitations here are massive. And the code analyser uses so much SCU even if it fails (6 to 8.5).
Hi! Thanks for your response. I see this version as just the initial version of Copilot for Security. I think it has all the potential to become a very good security assistant. I just tested base64 encoding. That did work actually. I haven't fed a large script with multiple layers of obfuscation to it as I don't have such a file available at the moment, but would love to give it a try.
Good job and Nice video! Please keep sharing❤ Looking forward to seeing Purview related video, thanks
Thanks for the suggestion! Purview is on the list of things to make videos about 🙂
Kudos to you mate, great high level tutorial. Implementing similar to gather response for risky users :).
Can you create a simple video on using OpenAI in Sentinel to reduce false positives?
Is there any way to reduce false positives in Azure?
Hello, do you know if Multi Tenant Support for the unified Portal will be available (for example if I have multiple Sentinel Workspaces with Azure Lighthouse or Multiple XDR Tenants via MTO Defender)?
Can you teach hands on labs for SOC Analyst? I want to get experience as an entry level, thanks
Greetings and thank you for all your great content. I've really been looking forward to the unification of Defender Portal and Sentinel, but once connected I felt there is a lot missing still. Playbooks, for example. We use those extensively to enrich our entities in Sentinel Incidents, but I have yet to find a way to do that in the Defender Portal.
How does this work when you use Lighthouse to "see" multiple tenants?
Hi! The workspace is still usable from within the Azure Portal. The unified security operations platform only supports a single workspace today. In case you also need to manage Defender for Endpoint in a multi-tenant scenario, I would suggest having a look at M365 Lighthouse.
Thanks for the video. Are logs in the advanced threat hunting option in Defender limited to 30 days? Or has Microsoft extended it, as new tables from Sentinel appear?
Definitely a big step in the right direction, can't wait to get my grubby little paws on it!
first
Thank you!
Download overproduced video. Too much music, pictures of coffee beans. Come on, bro, you're wasting our time. I'm not following later.
Nice method, you should take a look at Atomic Red Team for really blowing up the portal with alerts! KnowBe4 Ransim is another one but you have to give up your email address and get added to their dreaded mailing list!
Thanks for uploading this kind of new interesting stuff regarding MDE...
Great video… Is the GitHub repo you are using public?
really don't need to see your face that much !
The customer has several Azure subscriptions with several standalone Sentinel configs. Do you think it will be possible to attach several Sentinel workspaces into one Defender portal? Thanks
Sorry, the background music made it hard to follow your content at the beginning. Thank you for switching it off at the main part of the video.
Does this apply to AWS as well?
When the VM is hosted in AWS, and onboarded to Defender for Endpoint, this does apply.
@AzureVlog thank you, is there any way to get in contact with you?
@kobyvalentino4079 Sure! Drop me a PM on LinkedIn! www.linkedin.com/in/jeroenniesen/
@AzureVlog thank you, sent an invite
Hi, nice share. Commenting the below out-of-context topic, but it's important. Texting you this after not receiving any reply from the Microsoft Tech Community. I have this Azure recommendation "SQL databases should have vulnerability findings resolved" where I had one of the SQL Servers in healthy resources, but the databases inside are in "not applicable databases". I want to set it in healthy databases. What would be a solution for this? Please note we are using the express configuration. Thank you!
Make a video on MISP to Azure Sentinel integration with a diagram
That video might be on the backlog to create! Currently working on an integration of MISP with Sentinel :-)
@AzureVlog Thank you
Thank you for all your Vlogs.
Please show more. This was cool.
Thanks once again
You speak very goed Englichlands
Ok 👌
Amazing thanks 🎉
Very cool feature … thanks for taking time when you were holidaying 👍👍
Thank you, really inspiring!
Can't wait for the new platform to be released! cool content as always, boss.
Please can you do a practical scenario on Azure Firewall ssl inspection and certificate mapping?
Will keep that in mind for an upcoming video. Thanks for the suggestion.
@AzureVlog Thanks again.
Hello, how can I get the BehaviorInfo table from Defender for Cloud Apps into Sentinel? Would enabling this unified platform be of help? What if I don't want to go unified because of some business reasons? Assistance on getting the BehaviorInfo table into Log Analytics would be appreciated.
Thank you, I had forgotten about this feature
Can't decide if the coffee B-roll or the mountains is better, /jk looks epic! Hope you had fun on the vacation. Thanks again for the video 👍