In Sentinel log, in the OperationName column nothing is appearing. What to do?
@progod6017 1 year ago
Good video
@IamSahilVerma 3 years ago
First like from Canada...
@shijin_suresh 1 year ago
Great Job! Thanks
@wilkinsanchez8737 2 years ago
Excellent video. How do you keep track of your expenses when doing these labs? How much money do you usually spend? Is there a way I could do things like this in a lab environment without worrying about a big bill?
@AzureVlog 1 year ago
As long as you don't ingest that much data into Microsoft Sentinel, it isn't expensive. You pay per GB that gets ingested into Sentinel. Another way to keep things within budget is to delete resources after finishing your lab.
@yt0ng646 3 years ago
You are doing a fantastic job here, thanks a lot!
@jytan740 2 years ago
Is there any guide that can help Splunk users translate from SPL to KQL?
@Christian-np6je 2 years ago
Awesome video and summary! Thanks a lot!
@bala007raju 2 years ago
Very nice video, thanks a lot
@willemplug3366 2 years ago
Love the time and effort you put in the coffee edit😁
@IamSahilVerma 3 years ago
First like from Canada..
@polonia66 1 year ago
Hi, thank you for your great videos. I have a question about 42:51. If I would like to set a playbook to block the user, what is the best way to do it? As I can see in your case, you add a URL with the username? So this playbook will be just for one user; how to do it in the case of any user?
@AzureVlog 1 year ago
You can use variables in the URI of the HTTP activity. You use the "Entities - Get Account" activity to retrieve the username. Then use that username as a variable in the URI. It is actually quite bad that I "hardcoded" the username in the URI of the HTTP activity.