Browsing Category
Microsoft Sentinel
16 posts
Microsoft Sentinel acts as the central SIEM and SOAR platform in many environments. This category focuses on detection engineering, KQL, threat hunting, and SOC workflows.
Articles cover log ingestion, detection design, hunting strategies, and architectural decisions. The focus is on operational SIEM usage, not just setup.
This category is intended for SOC engineers, detection engineers, and security architects working with Sentinel.
AI agent runtime protection in Microsoft Defender for Endpoint
Discovery tells you an agent exists. It doesn’t tell you when someone tries to hijack it. That’s the…
Microsoft Defender for Endpoint custom data collection: get the telemetry you need
If you’ve been working with Microsoft Defender for Endpoint (MDE) for any length of time, you’ve probably run…
Identity attack graph in Microsoft Sentinel: easy find lateral movement paths
Sentinel graph ships with two layers. One is custom graphs, where you build your own schema from any…
Getting started with OpenCTI: threat intelligence connected to Microsoft Sentinel
For the past few years, MISP has been my go-to for threat intelligence. It’s open source, flexible, and…
Defender XDR advanced hunting tables: ingest directly into Sentinel data lake
If you’ve read my Microsoft Sentinel data lake implementation guide, you know I covered a DCR-based workaround for…
UEBA behaviors layer in Microsoft Sentinel: from raw logs to behavioral intelligence
Every SOC analyst knows the feeling. An alert fires. You open the incident. And then the real work…
Microsoft Sentinel data lake: implementation guide
What is Microsoft Sentinel data lake Microsoft Sentinel data lake is a purpose-built, cloud-native security data platform that…
Automatically tagging MITRE techniques with AI in SOC Optimization
Mapping security detections to the MITRE ATT&CK framework is crucial for understanding adversary behavior and improving threat response.…
Case management in Microsoft Defender and Sentinel: streamline your SecOps
Managing complex security incidents has always been a challenge for Security Operations Centers (SOCs). From correlating alerts to…
Integrating T-pot Honeypot with Microsoft Sentinel using Data Collection Rules (DCR)
In the face of increasing cybersecurity threats, early detection and analysis of attack behaviors are essential for proactive…












