I have a problem where I'm unable to escape characters in my KQL query. We are ingesting some custom Windows event logs that are being "normalized" in XML format. However, when Sentinel normalizes these events, it puts all of them in nested fields. Does this for some of the Azure logs as...
You can write a parser to parse these nested elements for every conceivable log, but that might not be practical or worthwhile, depending on the log source. However, an analyst may just want to write a parser for a subset of the data source that is particularly ...
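The kind of subset parser the reply above describes, as an added example that is not part of the original thread. It assumes the custom Windows events land in the Log Analytics `Event` table with the raw event XML in the `EventData` column, that the provider is called `MyCustomApp`, and that `parse_xml()` renders each `<Data Name="...">value</Data>` element as an object with `@Name` and `#text` keys; all three are assumptions about the reader's environment, not facts from the thread.

```kusto
// Added example (not from the original post). Assumed: events sit in the Event
// table, the XML is in EventData, and the provider name is "MyCustomApp".
Event
| where Source == "MyCustomApp"                       // assumed provider name
| extend Xml = parse_xml(EventData)
// Assumed XML shape: <DataItem><EventData><Data Name="X">value</Data>...</EventData></DataItem>
| extend DataItems = Xml.DataItem.EventData.Data
| mv-expand DataItems                                 // one row per <Data> element
| extend FieldName  = tostring(DataItems["@Name"]),
         FieldValue = tostring(DataItems["#text"])
// Pull the handful of fields this analyst actually cares about; everything
// else in the event is deliberately left in the raw column.
| where FieldName in ("SubjectUserName", "TargetUserName", "ProcessName")
| summarize Fields = make_bag(bag_pack(FieldName, FieldValue))
            by TimeGenerated, Computer, EventID
| evaluate bag_unpack(Fields)                          // one column per kept field
| project TimeGenerated, Computer, EventID, SubjectUserName, TargetUserName, ProcessName
```

Saving this as a Sentinel function (for example `MyCustomAppEvents`) lets analytics rules and hunting queries reference the flattened columns without repeating the XML handling, and the `where FieldName in (...)` line is the one place to extend when another field becomes interesting. Check the actual `parse_xml` output on one of your own events with `| take 1` before relying on the `DataItem.EventData.Data` path, since the nesting differs between event sources.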
Good day all. I want to automatically close an incident if the events do not include entries in a watchlist. I have another playbook that looks at entities and matches them with the entries... gcorsini: Thank you for getting back to me. Here is the fu...
Security operations can often be a very repetitive role. As a security analyst, you will often find yourself conducting the same actions and tasks as you work through an investigation. Whilst it is a... Updated Dec 29, 2020 Version 5.0 Pete Bryan Microso...