Tag: Automation
-
Unlocking Scalable Security Analytics: How to Automate KQL Jobs in Sentinel Data Lake
Introduction In Part 4 of this series, we focused on optimizing KQL queries in Microsoft Sentinel Data Lake. Optimized queries are powerful for investigations, but sometimes you need to automate and repeat them. That’s where KQL jobs come in. A KQL job allows you to run scheduled queries across Sentinel Data Lake, store the results, Read more
-
Mastering SecOps: Destroy Response Time with Sentinel Playbooks
Welcome back to Mastering SecOps, a five-part blog series designed to help you fully operationalize Microsoft Sentinel with tools like Sentinel Playbooks. In our last post, we focused on strengthening detection using MITRE ATT&CK and UEBA. Today, let’s dive into a key part of any modern SOC: automation and alert enrichment, enabled by Sentinel Playbooks. Read more