HI, thank you for your great videos. I have question about 42:51 If i would like to set playbook to block the user, what is the best way to do it? as i can see in your case - you add URL with username? so this playbook will be just for one user, how to do with case of any user?
You can use variables in the URI of the HTTP activity. You use the "Entities - Get Account" activity to retrieve the username. Then use that username as variable in the URI. It is actually quite bad that I "hardcoded" the username in the URI of the HTTP activity.
Excellent video. How do you keep track of your expenses when doing these labs? How much money do you usually spend? Is there a way I could do things like this in a lab environment without worrying for a big bill?
As long as you don't ingest that much data into Microsoft Sentinel, it isn't expensive. You pay per GB that gets ingested into Sentinel. Another way to keep things within budget, is to delete resources after finishing your lab.
Love the time and effort you put in the coffee edit😁
You are doing a fantastic job here, thanks a lot !
Awesome video and summary! Thanks a lot!
In sentinel log in OperationName column nothing is appearing what to do?
Great Job! Thanks
HI, thank you for your great videos. I have question about 42:51
If i would like to set playbook to block the user, what is the best way to do it? as i can see in your case - you add URL with username? so this playbook will be just for one user,
how to do with case of any user?
You can use variables in the URI of the HTTP activity. You use the "Entities - Get Account" activity to retrieve the username. Then use that username as variable in the URI. It is actually quite bad that I "hardcoded" the username in the URI of the HTTP activity.
@@AzureVlog thank you so much!
Excellent video. How do you keep track of your expenses when doing these labs? How much money do you usually spend? Is there a way I could do things like this in a lab environment without worrying for a big bill?
As long as you don't ingest that much data into Microsoft Sentinel, it isn't expensive. You pay per GB that gets ingested into Sentinel. Another way to keep things within budget, is to delete resources after finishing your lab.
is there any guide that can help splunk users translate from SPL to KQL?
Keep it up! These are good.
very nice video , thanks lot
Good video
First like from Canada..
First like from Canada...