Monthly Archives: July 2020

Get Alert Relation from an Incident using Azure Sentinel Incident Relation API

I have had a few questions recently asking whether we can get the associated alert for an incident. The idea is to know which alert caused an incident so the SecOps team could better investigate the issue. In this article, let’s …

Posted in Security Automation | 2 Comments

Everything you need to know about Azure Security Center Alert Suppression

Different environments may have special configurations that trigger alerts, and those false-positive alerts keep annoying the SecOps team. One of the features that SecOps guys working on Azure Security Center wish to have is the ability to automatically …

Posted in Azure Security Center | 1 Comment

Transform Azure Sentinel incident to Log Analytics Workspace with Logic App

As a SOC analyst or manager working on Azure Sentinel, you would like to have a view of how productive your team is (response time, resolution, …). Being familiar with Log Analytics queries, you might wish to do …

Posted in Security Automation | 1 Comment