Workplace Ninja's Blog
Our goal is to share knowledge with the community and to make Workplace Management with Microsoft Technologies simpler for everybody. We wish you happy reading!
Featured Posts
Sentinel Automation use case – custom Alerting with LogicApps
Intro I recently stumbled over a LogicApp (Microsoft Sentinel Playbook) I’ve created a long time ago where I needed to fix some stuff. The use case of the LogicApp is to handle the phone alerting process for customers with specific alerting requirements (no 24/7, only dedicated times during the day).
Microsoft Purview Information protect predefined permission groups demystified
When working with Information Protection Sensitivity Labels it’s common to create labels which also enforce encryption. Today we have multiple predefined groups available, but which users do they really include. Because of this I have played through the different scenarios and provide an overview within this blog. Test environment Tenant
Latest Posts
Microsoft Sentinel Security Incident statistics with Workbooks
Apparently the contents from the screenshots taken is not easy to read and some zoom-in is required. Layer 8 issue. Table of Contents Intro You/your company has just signed up for a SIEM/SOAR solution where data from multiple, different external systems/platforms is aggregated, analyzed and (worst case) processed into Security
Extending Microsoft Sentinel with important device data
During security Incident Analysis, Threat and Vulnerability Management and security activities it’s important to have enough data available to correlate them. Especially Microsoft Intune contains a lot of valuable information, but also other resources which are available via Microsoft Graph can be helpful. It is simple to add this information
Sentinel Incident Automation – Playbook dependencies
Intro In this blog post I follow up on my previous blog post. There we addressed the challenge to to handle the (potentially massive) delay in entity mappings for security incidents. Here’s the link in case you missed the blog post: Sentinel Incident Automation – handle entity mapping delay in
Sentinel Incident Automation – handle entity mapping delay in Playbooks
Intro Automation is a key element to improve SOC efficiency. Many different use cases exist where automation can be applied Tagging of Security incidents Severity level adoptions Auto-Closure Security incident information enrichment …and many more Most of the automation is based on pre-defined conditions. To auto-close a security incident one
SOC Monitor wall – Build your Content (Part 3)
In this blog post, I share how the dedicated workbooks could look like regarding their content. Note: During the analysis of a specific high-severity security incident in a customer environment you might want to display specific content on the SOC wall screen. Link to other Parts: Planning the Setup Develop
SOC Monitor wall – Planning the Setup (Part 1)
The big plus working in a SOC is the possibility to be on-site with other Security Analysts rather than being separated in the home office. Working in a MSSP SOC means to keep an eye on multiple customer SIEM’s simultaneously in terms of security incidents and anomalies/availability of mandatory log