Aman's Blog

Sentinel Roundup Apr 2026

April has been yet another busy month for Microsoft Sentinel. A lot of the updates are centred around the data lake, which is clearly where Microsoft is investing heavily right now. Here is a quick...

Bite Size Sentinel - Azure Firewall Logs

Organising Azure Firewall Logs for ingestion. If you are ingesting Azure Firewall logs into your Sentinel workspace, ensure that you have set the diagnostic settings to “Resource Specific”. Benefits...

AI Powered SIEM Migration Experience in Sentinel

If you’ve ever been part of a SIEM migration project, you know exactly what I’m talking about when I say it’s one of the most challenging and resource-intensive projects a security or SIEM engineer...

Microsoft Sentinel 2025 Roundup

2025 has been a big year in the Microsoft Sentinel world. Microsoft has pushed Sentinel beyond its roots as a cloud-native SIEM into a central, AI-driven security operations platform tightly integr...

Automating Custom Log Ingestion into Microsoft Sentinel with Azure DevOps (Part 2)

In my last blog post, I covered how to set up the Data Collection Endpoint (DCE), create a custom table, and parse Apache logs into JSON format so they can be uploaded to Sentinel via Log Ingestion...

Automating Custom Log Ingestion into Microsoft Sentinel with Azure DevOps

Automating Custom Log Ingestion into Microsoft Sentinel with Azure DevOps (Part 1). Recently, one of my clients had an incident and I was approached to help the operations team analyse a large data set...

Who Changed the Sentinel Pricing Tier? A Real-World Costly Misconfiguration

I was working with a client recently to optimise their Sentinel deployment when I found out that their Sentinel Pricing tier had been changed from their original commitment tier to a higher (and an...

Manage Multiple Sentinel workspaces via Azure Lighthouse

A Step-by-Step Guide to managing multiple Sentinel workspaces using Azure Lighthouse. If you’re managing multiple Sentinel workspaces across different Azure tenants or working with clients who have ...

Sentinel Risk Based SOC Optimization

Making Smarter Security Decisions with Risk-Based Optimization in Microsoft Sentinel. In today’s fast-paced environment, security teams constantly face the challenge with alerts and potential threa...

Automating Vulnerability Data Extraction from MS Defender for Endpoint using Azure DevOps

Simplifying Vulnerability Data Extraction with Azure DevOps. In the realm of cybersecurity, managing vulnerabilities is a critical task. Microsoft Defender offers robust tools for monitoring and an...