Blogs by Ashwin

 Access Azure Sentinel Data with External Tools Azure Sentinel's foundation is based on the Log Analytics Data Store, which is capable of combining the high-performance querying, dynamic schema, and scales to massive data volumes. The Azure portal and all the other Azure Sentinel tools always uses a standard API to access this data store which is also available for external tools such as Python and PowerShell. There are two libraries that can be used to simplify API access: kqlmagic msticpy kqlmagic The kqlmagic library provides the easy to implement API wrapper to run KQL queries. msticpy msticpy, also known as the Microsoft Threat Intelligence Python Security Tools, is a set of Python tools intended to be used for security investigations and hunting. Many of the tools originated as code Jupyter notebooks solve a problem as part of security investigation. Some of the tools are only useful in notebooks, but many others can be used from the Python command line or imported into your ...

  Manage Azure Sentinel Threat-Hunting Queries To efficiently find and isolate security threats, and unwanted activities in Contoso's environment, you can use the Azure Sentinel which contains powerful query tools. Hunt by using built-in queries Search and query tools can be used in Azure Sentinel to hunt for security threats and tactics throughout your environment. The Hunting page in Azure Sentinel provides built-in queries that can easily guide your hunting process as well as helps you to pursue the appropriate hunting paths to uncover issues in your environment while also exposing issues with the help of Hunting Queries that aren't significant enough on their own to generate an alert but have happened often enough over time to warrant investigation.  The Hunting page also provides a list of all hunting queries that can be saved by selecting the Favorites star icon for the query in the list.  Tip- When a query is selected as a favorite, it runs automatically each time ...