The Mysterious Case of the Disappearing Logs

Recently, a Sentinel instance that I'm responsible for showed a significant decrease in the volume of firewall logs being ingested. This drop coincided with an upgrade to the firewall firmware version,

Internationalizing SIEM Rules

When workstations and services are used in a language other than English, some changes to detection rules are required to ensure consistent coverage

Weird issues with Entra ID Signin Logs

I recently experienced an issue where a Sentinel alert for a successful Entra ID signin from an unexpected location fired multiple times after an attacker had already been evicted, and all sessions had been