Tag: siem
-
5 Defender Portal Risks Security Leaders Overlook
The Defender Portal Transition introduces more than a new interface. Discover five hidden risks that can impact analyst workflows, automation, training, and security operations—and learn how to prepare your SOC for success. Read more
-
Critical Sentinel Shift Security Leaders Can’t Ignore
Microsoft Sentinel’s transition into the Microsoft Defender portal is far more than a simple UI update. This shift changes how SOC teams investigate incidents, correlate threats, and operate across SIEM and XDR workflows. Learn why security leaders should begin preparing now to reduce operational risk and modernize security operations effectively. Read more
-
Reflecting on the Journey Since 2025 with Security Day with Mike: Thank you!
As we close another chapter and look back to when It’s Security Day with Mike! first launched in 2025, I want to take a moment to say Thank You This blog started with a simple goal: translate complex Microsoft security capabilities into practical, real world guidance for technical leaders and practitioners. What it’s grown into… Read more
-
Simple Syslog Ingestion with Microsoft Sentinel Data Lake
Learn how to easily connect your Syslog collector VM, configure a Data Collection Rule, and validate real-time log ingestion into Microsoft Sentinel Data Lake. This step-by-step guide helps you streamline Syslog ingestion for scalable and cost-efficient security analytics. Read more
-
How To Confidently Create Microsoft Sentinel data lake Custom Tables for Security Analytics
Learn how to confidently create custom tables in Microsoft Sentinel Data Lake using the Azure CLI. This step-by-step guide walks you through setup, schema verification, and switching your table to the Data Lake tier for cost-efficient, scalable security analytics management. Perfect for modern SOC and cloud security teams. Read more
-
The Proven Way Sentinel Data Lake Slashes Cost
Introduction Security teams have long faced a tough challenge: balancing visibility with cost. A year ago, many organizations hesitated to adopt Microsoft Sentinel because of the high cost of the Analytics tier, forcing them to strip data down to the bare minimum. Microsoft listened. The Sentinel Data Lake tier is the proven way to slash… Read more
-
Unlocking Scalable Security Analytics: Bolster Sentinel Data Governance
Introduction Throughout this series, we’ve explored how Microsoft Sentinel evolves to meet modern security analytics needs—from onboarding and cost optimization to advanced KQL automation and notebook-based data science. One of the key components in this ecosystem is the Sentinel Data Lake, which plays a crucial role in storing and managing security data efficiently. In this… Read more
-
Unlocking Scalable Security Analytics: Explode Threat Analysis in Sentinel Notebooks
Take your investigations to the next level with Sentinel Notebooks. Learn how to explode threat analysis workflows using Python, Spark, and machine learning in Microsoft Sentinel Data Lake — turning data into faster, smarter insights. Read more
-
Unlocking Scalable Security Analytics: Expose Sentinel Data Lake Notebooks
Discover how notebooks in Microsoft Sentinel Data Lake bring together KQL, Python, and data science to transform security investigations. Learn what they are, why they matter, and what you need to get started before diving deeper into advanced use cases. Read more
-
Unlocking Scalable Security Analytics: How to Automate KQL Jobs in Sentinel Data Lake
Introduction In Part 4 of this series, we focused on optimizing KQL queries in Microsoft Sentinel Data Lake. Optimized queries are powerful for investigations, but sometimes you need to automate and repeat them. That’s where KQL jobs come in. A KQL job allows you to run scheduled queries across Sentinel Data Lake, store the results,… Read more