Master Log Tiering With Microsoft Sentinel data lake
Updated—12/02/2026 — For supported Microsoft Defender XDR tables (MDE/MDO/MDA), you can now stream directly to the Microsoft Sentinel data lake while keeping XDR retention at
Microsoft Defender for Endpoint (MDE) with Plan 2 provides a really great and relatively affordable way of ingesting large-scale events into your SIEM, like Microsoft
Effective access control is the keystone of any secure, well‑managed Microsoft Sentinel deployment. By carefully scoping permissions at each level—from your Azure tenant down to
Updated — 20/08/2025 — The tool below has been updated to create Microsoft Sentinel Data Lake tier tables, which are the same as Auxiliary tier
A robust Microsoft Sentinel deployment is more than just a “set and forget” cloud SIEM solution. As your organization’s security posture evolves, so too do
Microsoft Sentinel is a powerful cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution to help organizations aggregate, analyze,
Cybersecurity is an ever-evolving field, and staying ahead of potential threats requires constant innovation. Microsoft Sentinel continues to lead the way with its advanced threat intelligence capabilities.
In today’s hybrid and multi-cloud world, securing log data is critical for any organization’s cybersecurity posture. Microsoft Sentinel is a cloud-native Security Information and Event
Modern security operations demand high visibility into network traffic, endpoint activity, and cloud events. Firewalls and proxy appliances, like Fortinet, Palo Alto, etc., are critical
Maintaining robust security operations is more critical than ever in today’s rapidly evolving cybersecurity landscape. Microsoft Sentinel, a cloud-native SIEM solution, empowers organizations with real-time