Tag: microsoft-sentinel
3 Artikel zu diesem Thema.
microsoft-sentinelentra-idnon-human-identitiesai-agentsdetection-engineeringkqlservice-principals
The Classic-Agent Blind Spot: Detecting Non-Human Identities in Microsoft Sentinel
Microsoft Entra Agent ID secures the agents you build tomorrow. The service principals and managed identities you already run - the classic agents - are a different story. Two KQL detections, the diagnostic switch nobody flips, and what to do this week.
Weiterlesen →
microsoft-sentinelmsemdefender-xdrexposure-managementkqldetection-engineering
Wiring Microsoft Security Exposure Management Into Sentinel - Triage with Asset Criticality and Attack-Path Context
MSEM gives Sentinel something it never had: asset criticality and attack-path context per entity. Architecture, KQL patterns for incident enrichment, and the entity-matching pitfalls that quietly break them.
Weiterlesen →
microsoft-sentinelazuresiemdata-lakekqlcost-optimization
From Azure Sentinel Log Analytics Workspace to Data Lake - Why Now Is the Right Time
The Sentinel Data Lake Tier changes the cost equation for high-volume security logging. Architecture, migration playbook, KQL examples, and the pitfalls nobody warns you about.
Weiterlesen →