WPNinjas Header

Tag: LogicApp

Security
Christoph Düggeli

Sentinel Automation use case – custom Alerting with LogicApps

Intro: I recently stumbled over a LogicApp (Microsoft Sentinel Playbook) I created a long time ago where I needed to fix some stuff. The use case of the LogicApp is to handle the phone alerting process for customers with specific alerting requirements (no 24/7, only dedicated times during the day).

Security
Thomas Kurth

Extending Microsoft Sentinel with important device data

During security incident analysis, threat and vulnerability management, and other security activities, it is important to have enough data available to correlate. Microsoft Intune in particular contains a lot of valuable information, but other resources available via Microsoft Graph can also be helpful. It is simple to add this information

Security
Christoph Düggeli

Sentinel Incident Automation – Playbook dependencies

Intro: In this blog post I follow up on my previous blog post. There we addressed the challenge of handling the (potentially massive) delay in entity mappings for security incidents. Here’s the link in case you missed the blog post: Sentinel Incident Automation – handle entity mapping delay in

Security
Christoph Düggeli

Sentinel Incident Automation – handle entity mapping delay in Playbooks

Intro: Automation is a key element to improve SOC efficiency. Many different use cases exist where automation can be applied: tagging of security incidents, severity level adaptations, auto-closure, security incident information enrichment, …and many more. Most of the automation is based on pre-defined conditions. To auto-close a security incident one

Azure AD
Thomas Kurth

Azure AD Guest Account - Governance and Cleanup

One of the biggest challenges with guest/external accounts in Azure AD is building a governance process that keeps your directory clean. Many companies do not want old, unused guest accounts to remain in their Azure AD forever. Without review functionality and information about who invited them, this
