AzureVlog

Welcome to AzureVlog! Your one-stop destination for all things Microsoft Security. From mastering KQL to streamlining incident response, Microsoft Sentinel and Defender for Endpoint, we've got you covered. Join me as I explore the endless possibilities of AI in Security and delve deeper into the world of cybersecurity. Subscribe now for valuable and informative content that will enhance your Microsoft Security skills 💻🔒 #MicrosoftSecurity #MicrosoftSentinel #Cybersecurity

Comments

  • @debb.7431 (4 days ago)

    Awesome content.

  • @Pita_22 (5 days ago)

    Hi, I'm always trying to replicate all your videos in a lab, so that I can truly learn and understand. Thanks a lot for all your videos. Can you provide more details on the App Registration and on the "Parse JSON" action? I'm stuck on those two...

  • @adventuresofa9jaguy322 (11 days ago)

    I think Sentinel can automatically do this now... saw a video about auto integration with VirusTotal.

  • @mduckworth (19 days ago)

    Really nice, really cool.

  • @patrick__007 (a month ago)

    Just what I needed to onboard my first servers using Defender for Cloud tomorrow.

  • @imwhtim (a month ago)

    It always shows the following error: "Can't get account information. Try again in a few minutes. If the issue persists, contact an administrator." Please help me.

  • @aaronrichardson4917 (a month ago)

    How do you connect and set up the Azure Firewall?

  • @junlu3835 (a month ago)

    The problem is this is very expensive. 😂

  • @xDHELIOxD (a month ago)

    Congratulations on your channel; it's helping me a lot. It's always bringing new information and helping those who want to stay updated in the world of Microsoft cybersecurity. You are very good! Thank you for sharing with us

  • @motorhead1791 (a month ago)

    In the Sentinel log, nothing is appearing in the OperationName column. What to do?

  • @apaliousaf (a month ago)

    Nice introduction, I'm looking forward to seeing some of the uses for Copilot for Security. I just deployed it in my tenant and began using it. I'm currently working on having it automatically provide an executive summary for incidents using the one from the promptbook. Since there isn't a way to run a whole promptbook automatically, I am writing a Logic App in Sentinel that basically runs each prompt of that promptbook, and will continue using the same session ID for each one until the executive summary is complete. Then, it can add the summary to the incident as a comment. Since this normally takes some time, having it run automatically so the comment is already present by the time you review the incident will be nice.

    Another tip to optimize SCU resource utilization is to limit using Copilot for queries. If there is something that can be defined by a KQL query, you can do that and feed the results to Copilot instead of asking it to do that query. For example, instead of saying "Go back and tell me about Security Incidents in Sentinel that happened in the last 12 hours", you can run a KQL query to return the incident numbers during your desired time, and then instead ask Copilot "Tell me about the following Security Incidents" and list the KQL results. This way Copilot doesn't have to use resources to figure out simple things like "what time is it now and how far is 12 hours back" and "what incidents were created in that time range". Cheers!
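A KQL query that does what the comment above describes, added here as an example and not the commenter's own Logic App code: it returns the Sentinel incidents created in the last 12 hours and collapses them into one line that can be pasted after "Tell me about the following Security Incidents" in a Copilot prompt. The 12-hour window, the exclusion of closed incidents and the output format are assumptions; the table and column names (`SecurityIncident`, `IncidentNumber`, `Owner.assignedTo`, `AdditionalData.alertsCount`) are the standard Sentinel schema.

```kql
// Added example (not from the comment author): incidents created in the last
// 12 hours, summarised into one line for a Copilot for Security prompt.
// SecurityIncident stores one row per incident update, so keep only the most
// recent row per IncidentNumber before filtering on Status.
SecurityIncident
| where CreatedTime > ago(12h)                       // assumed window
| summarize arg_max(LastModifiedTime, *) by IncidentNumber
| where Status != "Closed"                           // assumed: skip closed incidents
| extend SeverityRank = case(Severity == "High", 0,
                             Severity == "Medium", 1,
                             Severity == "Low", 2, 3)
| order by SeverityRank asc, CreatedTime desc
| project IncidentNumber, Title, Severity, Status,
          AssignedTo = tostring(Owner.assignedTo),
          AlertCount = toint(AdditionalData.alertsCount)
// Collapse the rows into the text handed to Copilot, so it never has to work
// out the time range or query the incident table itself.
| summarize PromptText = strcat_array(
      make_list(strcat("#", tostring(IncidentNumber), " ", Title,
                       " (", Severity, ", ", tostring(AlertCount), " alerts)")),
      "; ")
```

Drop the final `summarize` stage if you want the individual rows (for example to loop over them in a Logic App "For each" action and post one comment per incident). Note that `make_list` does not formally guarantee it preserves the preceding `order by`, so if the order of incidents in the prompt matters, sort the rows in the Logic App instead.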

  • @vh-kd7sw (a month ago)

    I need to be able to collect and change alerts' status from an external alert management system. Should I use Graph Security API or Azure Management API? What are the prerequisites for the Sentinel alerts appearing in the graph API? Thanks!

  • @adventuresofa9jaguy322 (a month ago)

    Tried this, it said it no longer works as the OpenAI model is deprecated. Is there any workaround?

  • @adventuresofa9jaguy322 (a month ago)

    Can you make a video to show how to automatically add IP addresses or URLs detected in your TI feed to your org's block list?

  • @HitemAriania (2 months ago)

    Security Copilot is not living up to the potential promised in the current version. It cannot decode base64 and it cannot decode a PowerShell-obfuscated script if it has more than a few words. The limitations here are massive. And the code analyser uses so much SCU even if it fails (6 to 8.5).

  • @AzureVlog (2 months ago)

    Hi! Thanks for your response. I see this version as just the initial version of Copilot for Security. I think it has all the potential to become a very good security assistant. I just tested base64 encoding. That did work actually. I haven't fed a large script with multiple layers of obfuscation to it as I don't have such a file available at the moment, but would love to give it a try.

  • @georgechen8398 (2 months ago)

    Good job and nice video! Please keep sharing ❤ Looking forward to seeing a Purview-related video, thanks.

  • @AzureVlog (2 months ago)

    Thanks for the suggestion! Purview is on the list of things to make videos about 🙂

  • @COii3153 (2 months ago)

    Kudos to you mate, great high-level tutorial. Implementing something similar to gather responses for risky users :).

  • @kobyvalentino4079 (2 months ago)

    Can you create a simple video on using OpenAI in Sentinel to reduce false positives?

  • @kobyvalentino4079 (2 months ago)

    Is there any way to reduce false positives in Azure?

  • @malvinportner (2 months ago)

    Hello, do you know if multi-tenant support for the unified portal will be available (for example if I have multiple Sentinel workspaces with Azure Lighthouse or multiple XDR tenants via MTO Defender)?

  • @GbengaAbraham (2 months ago)

    Can you teach hands-on labs for SOC analysts? I want to get experience at entry level, thanks.

  • @B4sicUser (2 months ago)

    Greetings and thank you for all your great content. I've really been looking forward to the unification of the Defender portal and Sentinel, but once connected I felt there is a lot missing still. Playbooks, for example. We use those extensively to enrich our entities in Sentinel incidents, but I have yet to find a way to do that in the Defender portal.

  • @marcschmitz7712 (2 months ago)

    How does this work when you use Lighthouse to "see" multiple tenants?

  • @jeroenniesen6181 (2 months ago)

    Hi! The workspace is still usable from within the Azure Portal. The unified security operations platform only supports a single workspace today. In case you also need to manage Defender for Endpoint in a multi-tenant scenario, I would suggest having a look at M365 Lighthouse.

  • @polonia66 (2 months ago)

    Thanks for the video. Are logs in the advanced threat hunting option in Defender limited to 30 days? Or has Microsoft extended this as new tables from Sentinel appear?

  • @zedsec (2 months ago)

    Definitely a big step in the right direction, can't wait to get my grubby little paws on it!

  • @CatSmiling (2 months ago)

    first

  • @human1822 (2 months ago)

    Thank you!

  • @RealROI (2 months ago)

    Download overproduced video. Too much music, pictures of coffee beans. Come on, bro, you're wasting our time. I'm not following later.

  • @zedsec (2 months ago)

    Nice method, you should take a look at Atomic Red Team for really blowing up the portal with alerts! KnowBe4 Ransim is another one but you have to give up your email address and get added to their dreaded mailing list!

  • @sabyasachisahoo8975 (2 months ago)

    Thanks for uploading this kind of new, interesting stuff regarding MDE...

  • @hardikpatel6546 (2 months ago)

    Great video… The GitHub repo you are using, is it public?

  • @chrcook01 (2 months ago)

    Really don't need to see your face that much!

  • @para234voz (2 months ago)

    The customer has several Azure subscriptions with several standalone Sentinel configs. Do you think it will be possible to attach several Sentinel workspaces into one Defender portal? Thanks

  • @para234voz (2 months ago)

    Sorry, the background music made it hard to follow your content at the beginning. Thank you for switching it off at the main part of the video.

  • @kobyvalentino4079 (2 months ago)

    Does this apply to AWS as well?

  • @AzureVlog (2 months ago)

    When the VM is hosted in AWS, and onboarded to Defender for Endpoint, this does apply.

  • @kobyvalentino4079 (2 months ago)

    @AzureVlog Thank you. Is there any way to get in contact with you?

  • @AzureVlog (2 months ago)

    @kobyvalentino4079 Sure! Drop me a PM on LinkedIn! www.linkedin.com/in/jeroenniesen/

  • @kobyvalentino4079 (2 months ago)

    @AzureVlog Thank you, sent an invite.

  • @dannyroy8571 (2 months ago)

    Hi, nice share. Commenting the below out-of-context topic, but it's important. Texting you this after not receiving any reply from the Microsoft Tech Community. I have this Azure recommendation "SQL databases should have vulnerability findings resolved" where I had one of the SQL Servers in healthy resources, but the databases inside are in not applicable databases. I want to set it in healthy databases. What would be a solution for this? Please note we are using the express configuration. Thank you!

  • @nirmaal2255 (3 months ago)

    Make a video on MISP to Azure Sentinel integration with a diagram.

  • @AzureVlog (2 months ago)

    That video might be on the backlog to create! Currently working on an integration of MISP with Sentinel :-)

  • @nirmaal2255 (2 months ago)

    @@AzureVlog Thank you

  • @user-ql8oq6vm1k (3 months ago)

    Thank you for all your Vlogs.

  • @user-ql8oq6vm1k (3 months ago)

    Please show more. This was cool.

  • @nishanthp1264 (3 months ago)

    Thanks once again

  • @EvertvanIngen (3 months ago)

    You speak very goed Englichlands

  • @armanhrshaikh (3 months ago)

    Ok 👌

  • @Knighthell75 (3 months ago)

    Amazing thanks 🎉

  • @nishanthp1264 (3 months ago)

    Very cool feature … thanks for taking time when you were holidaying 👍👍

  • @e3tgs (3 months ago)

    Thank you, really inspiring!

  • @Mydekanv2 (3 months ago)

    Can't wait for the new platform to be released! cool content as always, boss.

  • @wearewhoweare6602 (4 months ago)

    Please, can you do a practical scenario on Azure Firewall SSL inspection and certificate mapping?

  • @AzureVlog (4 months ago)

    Will keep that in mind for an upcoming video. Thanks for the suggestion.

  • @wearewhoweare6602 (3 months ago)

    @AzureVlog Thanks again.

  • @wearewhoweare6602 (4 months ago)

    Hello, how can I get the behaviorInfo table from Defender for Cloud Apps into Sentinel? Would enabling this unified platform be of help? How about if I don't want to go unified because of some business reasons... Assistance on getting the behaviorInfo table into Log Analytics.

  • @nishanthp1264 (4 months ago)

    Thank you, I had forgotten about this feature.

  • @Manbearpiet (4 months ago)

    Can't decide if the coffee B-roll or the mountains is better, /jk looks epic! Hope you had fun on the vacation. Thanks again for the video 👍