-
From Zero to Connected: Building a Push Codeless Connector for Microsoft Sentinel
When people hear “build a connector,” they often expect custom backend code, queueing, retry logic, deployment overhead, and a long stabilization phase. For this post, I took a different path: I used the Microsoft Sentinel Codeless Connector Framework (CCF) to onboard a custom data source (Contoso Security Alerts) with a Push integration model. The result:…
-
Generate playbooks using AI in Microsoft Sentinel
The new SOAR playbook generator introduces an entirely new way of building security automation in Microsoft Sentinel and XDR. Instead of manually writing code, analysts can now co‑create Python‑based automation workflows through a natural conversation with Cline Visual Code Studio, an integrated AI coding agent. Describe what you want to automate, and the generator produces:…
-
Automating Your Microsoft Sentinel Setup with GitHub Actions
Manually deploying Microsoft Sentinel resources can take a lot of time and often leads to mistakes.Using GitHub Actions and Infrastructure‑as‑Code, you can automate everything — Sentinel solutions, analytics rules, automatic rules, hunting queries, and workbooks — so that a single push to your repo triggers the entire deployment.In this guide, I show how to set…
-
Boosting SecOps Productivity: How to Use Microsoft Sentinel Inside Visual Studio Code
In modern Security Operations Centers (SOC), teams are increasingly expected to deliver engineering‑level quality while maintaining operational speed. As organizations shift toward the Unified Security Operations Platform, combining Microsoft Sentinel with Visual Studio Code (VS Code) has become one of the most efficient ways to build detections, automate workflows, and perform threat hunting at scale.…
-
Power of attack simulations in Unified Security Operations with Microsoft Sentinel and Defender XDR
Microsoft is committed to empowering security teams by consolidating the multitude of tools necessary for protecting a digital estate into a single, effective solution powered by AI and automation. This addresses a key pain point in the cybersecurity industry: the need for comprehensive protection and boosting Security Operations Center (SOC) efficiency. Main features: In this…
-
How to become a Microsoft Security MVP (Most Valuable Professional)
Are you passionate about Microsoft Security products and services? Do you love sharing your knowledge and expertise with the community? Do you want to be recognized as a leader and an influencer in your field od Microsoft Security? If you answered yes to these questions, then you might be interested in becoming a Microsoft Security MVP.…
-
FinOps in Microsoft Sentinel
Microsoft Sentinel’s security analytics and operations data is stored in an Azure Monitor Log Analytics workspace. Billing is based on the volume of data analyzed in Microsoft Sentinel and stored in the Log Analytics workspace. The cost of both is combined in a simplified pricing tier. Microsoft 365 data sources are always free to ingest for all Microsoft Sentinel users: Billable data…