Monthly Archives: November 2021

Azure Sentinel near-real-time (NRT) Analytics Rule ARM Template

Microsoft just introduced a new type of analytics rule called near-real-time (NRT). This rule provides up-to-the-minute detection capability. It basically means you wouldn't have to worry about ingestion delay, especially the five-minute minimum delay. This article provides …

Posted in Security Automation

Azure Sentinel custom alert named based on detected resource

I got a question from a friend today asking if he could customize the alert name based on the detected resource. He was in charge of building a rule set for monitoring Azure Key Vault resources. He wanted to see something like …

Posted in Security Automation | 1 Comment

Azure Sentinel Analytics Rule ARM Template

I have had several people ask whether they can develop and deploy an Azure Sentinel Analytics rule in the form of an Azure ARM Template. This article simply provides a sample template so you can quickly deploy a rule in …

Posted in Security Automation | 1 Comment