Category: Sentinel


  • Microsoft is unifying its security experience, and one of the largest steps in that journey is the migration of Microsoft Sentinel from the Azure portal to the Microsoft Defender portal. This move brings Sentinel into the same unified interface as Microsoft Defender XDR, Microsoft Defender for Cloud, and other core security services—creating a streamlined, modern…

  • As organizations continue accelerating their cloud adoption, the security landscape has become increasingly complex. Hybrid environments, SaaS integrations, identity-centric attacks, and AI-driven threats demand a modern approach to security operations. Microsoft Sentinel—Microsoft’s cloud-native SIEM and SOAR solution—continues to evolve to meet these challenges with advanced analytics, automation, and integrated threat intelligence. In this post, we…

  • Microsoft Sentinel is designed to provide intelligent security analytics and threat intelligence to help organizations detect, investigate, and respond to cybersecurity threats in real-time. It collects and analyzes data from various sources, including logs, events, and alerts generated by different cloud and on-premises resources, network devices, and applications. By leveraging advanced AI and machine learning…

  • Microsoft Sentinel incorporates several AI (Artificial Intelligence) capabilities to enhance threat detection, response, and overall security operations. Some of the key AI capabilities in Microsoft Azure Sentinel include:

  • Microsoft Sentinel utilizes various machine learning (ML) techniques to enhance its threat detection, incident response, and overall security capabilities. Microsoft has been investing heavily in AI and ML technologies, and these are integrated into Azure Sentinel to provide intelligent security analytics. Some of the key machine learning aspects of Microsoft Sentinel include:

  • Kusto Query Language (KQL) is designed to work with large-scale data sets and is particularly well-suited for log and telemetry data analysis. It allows users to perform complex data manipulations, aggregations, and visualizations to derive insights from vast amounts of data efficiently. Below are some KQL queries for AD Security Events. AAD Password…
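As an added illustration of the kind of query the post collects (this is not one of the post's own queries), the following KQL clusters failed Windows logons (Event ID 4625) in the SecurityEvent table by source IP and host, and labels the cluster as a likely password spray or single-account brute force. It assumes the Windows Security Events connector is populating SecurityEvent; the 24-hour lookback, 1-hour bucket and threshold of 10 failures are illustrative choices, not values from the page.

```kql
// Added example, not from the original post. Assumes SecurityEvent is populated
// by the Windows Security Events connector. Lookback, bucket size and threshold
// are illustrative assumptions.
let lookback = 24h;
let threshold = 10;
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID == 4625                       // "An account failed to log on"
| summarize
    FailedAttempts  = count(),
    DistinctAccounts = dcount(TargetUserName),
    Accounts        = make_set(TargetUserName, 20),
    // SubStatus tells you why it failed: bad password vs. unknown user vs. locked out
    BadPasswords    = countif(tolower(SubStatus) == "0xc000006a"),
    UnknownUsers    = countif(tolower(SubStatus) == "0xc0000064"),
    LockedOut       = countif(tolower(SubStatus) == "0xc0000234"),
    FirstSeen       = min(TimeGenerated),
    LastSeen        = max(TimeGenerated)
    by IpAddress, Computer, bin(TimeGenerated, 1h)
| where FailedAttempts >= threshold
| extend Pattern = case(
    DistinctAccounts >= 5 and FailedAttempts / DistinctAccounts <= 3, "possible password spray",
    DistinctAccounts == 1, "possible brute force on single account",
    "other")
| project TimeGenerated, IpAddress, Computer, FailedAttempts, DistinctAccounts,
          BadPasswords, UnknownUsers, LockedOut, Pattern, Accounts, FirstSeen, LastSeen
| order by FailedAttempts desc
```

The SubStatus breakdown is what makes the result actionable: many `0xc0000064` (user name does not exist) hits from one source suggest username enumeration rather than a credentialed attacker, while a spray that starts producing `0xc0000234` lockouts is the point at which the SOC needs to intervene before legitimate users are locked out.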

  • Onboarding a customer to Azure Lighthouse allows service providers or managed service providers (MSPs) to efficiently manage and govern multiple Azure tenants from a single central location. This step-by-step process outlines how to onboard an Azure Lighthouse customer (MS Sentinel SOC Service): Step 1.1: From the Service Provider / Managed Service Provider tenant. 1.2: Go to https://portal.azure.com, select “My…

  • SIEM (Security Information and Event Management) is one of the essential pieces in the cyber defence of any organization. Choosing the right SIEM solution is equally important. Here we will be discussing our thoughts on why you should choose Sentinel as your SIEM. What is Microsoft Sentinel? Microsoft Sentinel is a cloud-native SIEM solution provided…

  • Overview: The Microsoft Sentinel Triage Assistant (STAT) is a Custom Connector for Logic Apps, built to simplify and enhance incident-based automation within Microsoft Sentinel playbooks. By utilizing a collection of pre-built Automation Modules, STAT enables the execution of complex automation workflows in a consistent, user-friendly manner, directly through the Logic Apps Connector. Purpose: STAT is designed…

  • In Microsoft Sentinel, tables are where all your collected data is stored and organized within the Log Analytics workspace. Each table represents a specific type of data—like security events, sign-ins, alerts, or network logs—and has its own schema with defined fields. These tables are the foundation for running Kusto Query Language (KQL) queries, building workbooks,…
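A practical first question about those tables is which ones are actually receiving data, how much, and whether any expected source has gone quiet. The query below is an added example (not from the original post) that answers this from the workspace's own `Usage` table, which records billable ingestion per data type; the 7-day window and the 1-day "stale" cut-off are illustrative assumptions.

```kql
// Added example, not from the original post. Uses the Log Analytics Usage table,
// which records ingested volume (Quantity, in MB) per table (DataType).
// The 7d window and 1d staleness cut-off are illustrative assumptions.
let window = 7d;
let stale_after = 1d;
Usage
| where TimeGenerated > ago(window)
| where IsBillable == true
| summarize
    IngestedMB    = round(sum(Quantity), 2),
    LastIngestion = max(TimeGenerated)
    by DataType
| extend
    // A table that has stopped receiving data is a detection gap, not just a cost saving.
    Stale = LastIngestion < ago(stale_after),
    AvgMBPerDay = round(IngestedMB / (window / 1d), 2)
| project DataType, IngestedMB, AvgMBPerDay, LastIngestion, Stale
| order by Stale desc, IngestedMB desc
```

Run this after onboarding a new connector to confirm its table appears, and schedule it as an analytics rule or workbook tile so that a connector that silently stops (an expired service principal secret, a decommissioned collector) shows up as `Stale == true` rather than as a blind spot discovered during an incident. To inspect an individual table's columns and types, pipe it into `getschema`, for example `SecurityEvent | getschema`.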