
Threat Intelligence


Category: sentinel

Categories: AI, sentinel, SentinelOne, siem

A long way to go for AI implementations in SIEM platforms

September 6, 2025

Trend: Agentic AI SIEM – Microsoft Sentinel Security CoPilot – SentinelOne Purple AI. Purple AI supports a variety of data sources…

Nifi Groovyscript to convert JSON table array to key value JSON format
Categories: Nifi, sentinel, SentinelOne, siem

August 4, 2025 (updated August 27, 2025)

If you have data in a nested table array, you can convert it to the standard key:value JSON pair format by using…

Credential stuffing attacks against Azure Portal from Set User Agent and Device
Categories: sentinel, Threat Intelligence

December 17, 2024

We have recently identified a persistent credential stuffing attack against some of our customers. Credential stuffing is a cyberattack method in which…

Pushing Bulk Indicators to Multiple Sentinel Instances for a MSSP
Categories: Nifi, sentinel, Threat Intelligence

November 29, 2024

Problem: We manage a MISP instance which receives over 130,000 IOCs every day from multiple sources, which we need to…

SIEM Log Ingestion – To filter or to deduplicate
Categories: logstash, sentinel, siem

April 24, 2024

Why Should You Manage Your Log Ingestion? Cost Implications: SIEM tools operate under a licensing model that typically charges based…

Sentinel Parsing Data at Ingestion or at Query time
Categories: sentinel, siem

April 1, 2024 (updated December 10, 2024)

There are different options for parsing data in Microsoft Sentinel. Query time parsing, where the parsing is done when an…

Why is the Sentinel Threat Intelligence Indicator API so full of bugs
Categories: sentinel, siem, Threat Intelligence

March 14, 2024 (updated December 17, 2024)

Microsoft have an API to add IOCs to the threat intelligence module in Sentinel, which you can read about here.…

Filebeat write: failed to publish events / connection reset by peer
Categories: filebeat, logstash, sentinel

January 18, 2024

I was using filebeat to listen on port 514 to accept rsyslog messages from AIX servers with the aim of…

Microsoft Sentinel Watchlists and wildcard/partial/substring table joins in KQL
Categories: sentinel

January 12, 2024

Watchlists are a great way to house data in a table format to be used for various purposes, be it…

Copyright © 2025 Threat Intelligence