Logging User Access Admin elevations to Microsoft Sentinel

This week I was surprised to figure out that elevation logs that indicate a Global Admin becoming a User Access Administrator don’t flow to Log Analytics. It’s not possible to enable diagnostics settings for it. TL;DR I built a Logic App that forwards those logs to Log Analytics so I can have Analytic rules in…

Book review: The Unicorn Project

This week A few weeks ago, I finished reading (and annotating) the book “The Unicorn Project” by Gene Kim. And I thought it would be good to make a small blog post about it. With the Unicorn Project and its predecessor the Phoenix Project, you get different ideas out of the book every time you…

Querying Log Analytics from Logic Apps

I spent some time this week at work trying to get a correct setup in querying the (Sentinel) Log Analytics store from a Logic App in Microsoft Azure. So I thought it would be a good idea to document it for myself and others. 🙂 The problem: Logic Apps allow you to perform actions in Microsoft…
