Matt_Lowe

Manage Access to Microsoft Sentinel Workbooks with Lower Scoped RBAC

Leveraging Microsoft Sentinel workbooks for reporting to leadership is a common use case. A common concern is granting recipients access to Microsoft Sentinel or all of the tables within the workspace. Using some different RBAC components, this can be done. Components: table-level RBAC and resource-level RBAC. How it works: Table-level RBAC: Access to the data that is …


Split Microsoft Sentinel Tables with Multi-Destination Data Collection Rules

Thank you to my colleagues Maria de Sousa-Valadas Castano, Adi Biran, and the Azure Monitor team for assisting in writing this content and demos. Looking to better manage where logs go when they are ingested? Enter the multi-destination data collection rule. Recently, the Azure Monitor team has released a new data collection rule functionality that …


Introducing the Microsoft Sentinel Triage Assistant (STAT)

*Note: This article was compiled and posted on behalf of Paul Bergson, Matt Lopinto, and Brian Delaney. I personally did not create or write this content.* Non-Official Stance As a Microsoft Cloud Solution Architect-Engineer, I am providing the following guidance to assist customers in deploying the STAT tool. These recommendations are based on my experiences and …


Create, Edit, and Monitor Data Collection Rules with the Data Collection Rule Toolkit

*Thank you to Jing Nghik for assisting with the creation of this toolkit and to the Customer Connection Program for testing this solution.* *This is going to be a long blog. I recommend reading it but alternatively there will be a video recording soon that will cover the workbook. TLDR: This workbook serves as a …


Designs for Accomplishing Microsoft Sentinel Scalable Ingestion

**Thank you to the Microsoft Sentinel CxE team, Jeff Wolford, and @Preeti_Krishna for the assistance with this document.** This blog will provide a high-level overview of potential architecture designs that can be used to achieve a highly available, scalable ingestion pipeline. The main components that will be covered in the designs are: load balancer, forwarder systems, data …
