
Tag: siem

  • Unlocking Scalable Security Analytics: How to Optimize KQL Queries in Sentinel Data Lake

    Introduction In Part 3 of this series, we covered how to onboard Microsoft Sentinel Data Lake. Once onboarding is complete, the next step is learning how to query your data effectively. Efficient Kusto Query Language (KQL) queries are critical for SOC teams during historical investigations. Well-structured queries reduce costs, accelerate investigations, and reveal meaningful patterns.…

  • Unlocking Scalable Security Analytics: How to Set Up Sentinel Data Lake

    Introduction In Part 1 of this series, we explained why pairing Microsoft Sentinel with a Data Lake matters. In Part 2, we demonstrated how the integration can save up to 75% annually. Now, in Part 3, you will walk through the onboarding process for Microsoft Sentinel Data Lake and see how it extends your existing…

  • Unlocking Scalable Security Analytics: Save with Sentinel Data Lake

    Introduction Microsoft Sentinel is a powerful, cloud-native SIEM that enables real-time detection and response. With its integration of Sentinel Data Lake, organizations can efficiently manage vast quantities of security data. However, as organizations scale, one question dominates every discussion: how much does it cost? Data ingestion, storage, queries, and analytics all carry price tags. Without…

  • Unlocking Scalable Security Analytics: Why Pair Microsoft Sentinel with a Data Lake?

    Enterprises generate enormous volumes of security data every day from endpoints, identities, applications, and cloud services. Microsoft Sentinel delivers powerful, cloud-native detection and investigation. However, storing and analyzing all of that data directly in Sentinel’s Log Analytics workspace quickly becomes expensive and inefficient. Recently, Microsoft released Sentinel Data Lake, which will solve this problem for…

  • Mastering SecOps: Drive Better SOC Decisions Today

    Welcome back to Mastering SecOps, a five-part blog series built to help you mature your Microsoft Sentinel environment with confidence. So far, we’ve explored smart detection with MITRE ATT&CK and UEBA, and how to destroy response time delays with Sentinel Playbooks and Threat Intelligence. Now, we’ll focus on how to leverage Sentinel Workbooks to visualize…

  • Mastering SecOps: Unlock Smarter Detections with MITRE ATT&CK and UEBA

    Improve Microsoft Sentinel detection by combining MITRE ATT&CK and UEBA. Learn how to map detection rules and use behavior analytics for better security alerts.

  • How to Create Custom Sentinel Analytic Rules

    By Mike – Security Day Blog – This post will explain the importance of developing Sentinel rules for modern security systems. 👋 Introduction: Sentinel Rule Building Can Be Tough—Here’s How I Make It Easier Let’s be real—building custom detection rules isn’t always easy. There are days when everything clicks and the logic comes together fast.…

  • Exploit SIEM Synergy: Supercharge Azure Sentinel Now

    Introduction In today’s sprawling security ecosystems, many organizations run parallel SIEMs. They use a legacy platform to handle traditional infrastructure. Alongside this, they use Microsoft Sentinel to watch cloud-native workloads. The challenge? Making these systems talk to each other effectively. This post shows how to ingest alerts from third-party SIEM platforms into Microsoft Sentinel. More…

  • The Unfiltered Truth: How to Slash Sentinel Costs by Curating Log Chaos

    Drowning in logs? You’re not alone. When on-premises systems spew unfiltered telemetry into Microsoft Sentinel, you end up with bloated dashboards, noisy detections, and a hemorrhaging Azure bill. This guide is your antidote: a meticulous blueprint for curating log data — turning a chaotic flood into a lean, incisive signal stream that tells a story…

  • Demystifying Uncommon Log Sources into Microsoft Sentinel: What You Need to Know (with Real Client Examples + Code)

    Microsoft Sentinel provides native connectors for many popular services. However, when your environment includes custom-built applications, legacy systems, or niche appliances, you’ll often need to step outside of the out-of-the-box options. Ingesting uncommon log sources is essential for achieving complete visibility across your environment. Fortunately, with the right approach, it’s absolutely achievable. In this post,…