Advanced Hunting

• Building a Brute Force Detection Query: How To Think Through Network Logon Failures

• Defender XDR Incident Investigation: A to Z Using a Real Example

• Advanced Hunting Just Got a Lot More Powerful. You Can Now Act on What You Find.

Show more →

Analytic Rules

• Microsoft Sentinel: From Logs to Alerts - Creating Your First Analytic Rule

• How to Bulk Enable All Sentinel Analytic Rules (The Easy Way)

• Beyond the Basics: Forging Your Own Custom Detections in Defender XDR

• The KQL Playbook (Play #2): Mastering the Matching Game

• Fixing Microsoft's Azure Brute Force Detection: Why Their Template Fires Constantly (And What You Should Change)

Show more →

Automation

• Microsoft Sentinel: Let the Robots Do the Work - Your First Automation Playbook

• How to Bulk Enable All Sentinel Analytic Rules (The Easy Way)

• Microsoft Sentinel: How to Nuke a Noisy Incident Queue

• Microsoft Sentinel Rule Tuning: Kick the Noise, Keep the Signal

• Herding Cats with Sentinel: An In-Depth Guide to Workspace Manager

Show more →

Career Advice

• How to Nail Your First SOC Analyst Interview (Professor's Notes)

• MSSP SOC Analyst Interviews (Microsoft Stack): The questions you’ll actually get -and the answers I’d actually give

Show more →

Cost Optimisation

• Sentinel on a Budget: How to Tame Your Log Costs

• Sentinel's Endgame Gear: Sentinel Data Lake

• Sentinel's Built-in Consultant: An In-Depth Guide to SOC Optimization

• The "Undo" Button for Sentinel Logs: An In-Depth Guide to Purging Data

• Post-Deployment Sentinel and Defender XDR: You're Not Done Yet

Show more →

Data Connectors

• So You've Deployed Sentinel. Now What? A Guide to Data Connectors

• Post-Deployment Sentinel and Defender XDR: You're Not Done Yet

• Data Connectors: The Order That Actually Matters

Show more →

Defender XDR

• Post-Deployment Sentinel and Defender XDR: You're Not Done Yet

• Defender for Office 365 Policy Configuration: Anti-Phishing, Anti-Spam, Malware, Safe Links

• Threat Analytics in Microsoft Defender: What It Actually Does and Why Your SOC Needs It

• Data Connectors: The Order That Actually Matters

• Defender for Identity: What's The Point? (And Is It Actually Worth Your Time)

Show more →

Detection Engineering

• Detection Engineering and Why It's a Must Have

• Detection Engineering and Why It's a Must Have Part 2

• Your Sentinel Detection Setup Is Probably Broken. Here's How to Know.

• I Passed the GCDA. Here's What Nobody Tells You About SEC555

• Your Crown Jewels Are in Defender. You Just Never Set Them Up.

Show more →

Getting Started

• How to create Microsoft Sentinel

• So You've Deployed Sentinel. Now What? A Guide to Data Connectors

• Microsoft Sentinel: From Logs to Alerts - Creating Your First Analytic Rule

• Microsoft Sentinel: An Incident Just Fired. Now What? (A Beginner's Guide to Investigation)

• The KQL Playbook (Play #2): Mastering the Matching Game

Show more →

Incident Investigation

• Defender XDR Incident Investigation: A to Z Using a Real Example

Show more →

Incident Response

• Microsoft Sentinel: An Incident Just Fired. Now What? (A Beginner's Guide to Investigation)

• Microsoft Threat Intelligence: Giving Your Sentinel a Brain

• Hunting Ransomware in Storage Accounts (When You Can't Afford Defender)

• Beyond the Basics: Forging Your Own Custom Detections in Defender XDR

• Defender XDR Incident Investigation: A to Z Using a Real Example

Show more →

KQL

• Microsoft Sentinel: From Logs to Alerts - Creating Your First Analytic Rule

• Microsoft Sentinel: An Incident Just Fired. Now What? (A Beginner's Guide to Investigation)

• The KQL Playbook (Play #1): A Beginner's Guide to Talking to Your Data

• Microsoft Sentinel's Secret Weapon: Your First Watchlist

• Microsoft Sentinel Rule Tuning: Kick the Noise, Keep the Signal

Show more →

Logic Apps

• Microsoft Sentinel: Let the Robots Do the Work - Your First Automation Playbook

• The "Undo" Button for Sentinel Logs: An In-Depth Guide to Purging Data

• The Self-Updating Watchlist: Automating Sentinel with Logic Apps & Graph API

• Sentinel Cost Spike: How To Actually Find The Culprit Table

• One‑Click Threat Intel: Add IOCs from Sentinel Incidents with a Logic App

Show more →

Microsoft Defender for Cloud Apps

• A SOC Analyst's Introduction to Defender for Cloud Apps

• Mastering Policies in Defender for Cloud Apps: A Deep Dive for the SOC Trenches

• App Governance in Defender for Cloud Apps: Your OAuth App Security Command Centre

• Why You Actually Need Microsoft Defender for Cloud (And What It Actually Does)

• Connecting Your Environment to Defender for Cloud: Azure, AWS, GCP, and On-Premises

Show more →

Microsoft Sentinel

• How to create Microsoft Sentinel

• A Day in the Life of a SOC Analyst

• So You've Deployed Sentinel. Now What? A Guide to Data Connectors

• Microsoft Sentinel: From Logs to Alerts - Creating Your First Analytic Rule

• Microsoft Sentinel: An Incident Just Fired. Now What? (A Beginner's Guide to Investigation)

Show more →

Security Operations

• A Day in the Life of a SOC Analyst

• Microsoft Sentinel: How to Nuke a Noisy Incident Queue

• MSSP SOC Analyst Interviews (Microsoft Stack): The questions you’ll actually get -and the answers I’d actually give

• The KQL Playbook (Play #2): Mastering the Matching Game

• The KQL Playbook (Play #5): The Anomaly Play - Finding the 'Weird'

Show more →

Sentinel Tuning

• Post-Deployment Sentinel and Defender XDR: You're Not Done Yet

• Beauty of Data Visualization in Microsoft Sentinel Using KQL

• Microsoft Sentinel on a Shoestring: What You Can Actually Do with Business Premium

Show more →

Sentinel Workbook

• Sentinel Workbooks: Deploy and Customise Your First Dashboard

• Three Essential Sentinel Workbooks You Should Deploy Right Now

• User Audit Investigation Workbook: Deploy in Minutes, Investigate in Seconds

• Diagnostic Settings Manager Workbook

• Why Abandoned Resources Are a Security Problem, Not Just a Billing One

Show more →

Shadow IT

• A SOC Analyst's Introduction to Defender for Cloud Apps

• App Governance in Defender for Cloud Apps: Your OAuth App Security Command Centre

Show more →

SOC

• How to Nail Your First SOC Analyst Interview (Professor's Notes)

• A Day in the Life of a SOC Analyst

• Microsoft Sentinel: How to Nuke a Noisy Incident Queue

• MSSP SOC Analyst Interviews (Microsoft Stack): The questions you’ll actually get -and the answers I’d actually give

• Microsoft Threat Intelligence: Giving Your Sentinel a Brain

Show more →

Threat Hunting

• The KQL Playbook (Play #1): A Beginner's Guide to Talking to Your Data

• Sentinel's Endgame Gear: Sentinel Data Lake

• Microsoft Threat Intelligence: Giving Your Sentinel a Brain

• Hunting Ransomware in Storage Accounts (When You Can't Afford Defender)

• The KQL Playbook (Play #3): Mastering Strings, Timestamps, and Ugly JSON

Show more →

UEBA

• UEBA in Microsoft Sentinel: Stop Wasting Time on Behavioral Analytics

• Your Sentinel Detection Setup Is Probably Broken. Here's How to Know.

Show more →

Workbooks

• Sentinel Workbooks: Deploy and Customise Your First Dashboard

• Three Essential Sentinel Workbooks You Should Deploy Right Now

• User Audit Investigation Workbook: Deploy in Minutes, Investigate in Seconds

• Diagnostic Settings Manager Workbook

• Why Abandoned Resources Are a Security Problem, Not Just a Billing One

Show more →