Firewall network traffic logs are the largest driver of Microsoft Sentinel ingestion costs. Yet they remain a critical source of information for threat detection, investigations & incident response. Explore how Sentinel Summary Rules can reduce the cost of ingesting firewall traffic events while retaining the visibility SecOp teams need to detect threats & investigate incidents.
Tag: Azure Sentinel
Data Connector Health Monitoring on Microsoft Sentinel
Introduction Security information and event management (SIEM) tooling allows security teams to collect and analyse logs from a wide variety of sources. In turn this is used to detect and handle incidents. Evidently it is important to ensure that the log ingestion is complete and uninterrupted. Luckily SIEMs offer out-of-the-box solutions and/or capabilities to create … Continue reading Data Connector Health Monitoring on Microsoft Sentinel
Detecting & Preventing Rogue Azure Subscriptions
In this blog post we will cover why rogue subscriptions are problematic and revisit a solution published a couple of years ago on Microsoft's Tech Community. Finally, we will conclude with some hardening recommendations to restrict the creation and importation of Azure subscriptions.



