Microsoft-Sentinel
Lessons from the field. Always landing on my feet.
From Authorization to Action: Operationalizing CISA's Microsoft Cloud Logs Playbook in Sentinel

CISA originally released the Microsoft Expanded Cloud Logs Implementation Playbook on January 15, 2025. The CISA resource page shown below also has a May 1, 2026 revision date, and the May 2026 DOCX I reviewed is marked as version 1.1 with general …
Copy Fail in the Cloud: A Defender, Sentinel, and AKS Response Guide for CVE-2026-31431

A Linux local privilege escalation bug is easy to dismiss if you only think in traditional server terms. An attacker already needs local access, so how bad can it be? In cloud environments, that assumption breaks fast. A compromised container, a …
The February 2026 Microsoft Sentinel Drop: UEBA Essentials, Copilot Connector, and 9 New GA Connectors

February 2026 brought one of the more substantial Sentinel drops in recent memory. UEBA Essentials hit v3.0.6 with a refined workbook and more than 30 hunting queries (including multi-cloud detections shipped in earlier releases), the M365 Copilot …
Sentinel MCP Server: Securing Your SOC's New AI Attack Surface

In September 2025, Microsoft announced the Sentinel MCP Server, a Model Context Protocol implementation that lets MCP-compatible AI assistants query your Sentinel data using natural language. Microsoft highlights GitHub Copilot, Copilot Studio, and …