Deploying OCSF to Microsoft Sentinel: A Step-by-Step Implementation Guide (Part 2 of 2)
In **Part 1**, we covered what **OCSF** is and why it solves critical problems for **Microsoft Sentinel** deployments. This post walks through the technical implementation: creating custom tables for OCSF event classes, configuring **Data Collection Rules (DCR)** to transform log
William Clarkson-Antill
May 8 · 4 min read


Understanding OCSF: The Universal Translator for Security Data in Microsoft Sentinel (Part 1 of 2)
The **Open Cybersecurity Schema Framework (OCSF)** addresses one of the most persistent challenges in security operations: inconsistent log formats across vendors. If you've spent hours writing custom parsers for every new data source in **Microsoft Sentinel**, OCSF offers a stan
William Clarkson-Antill
May 1 · 4 min read


Microsoft Sentinel - Creating Parsers within a Workspace
I thought I'd write some tips, tricks, and notes on how to build out an effective parser for your Sentinel Workspace. There are a heap of...
William Clarkson-Antill
Oct 18, 2023 · 2 min read


Microsoft Sentinel - Data Ingestion from Multiple Tenants within the Same Platform
I thought I'd create a guide for ingesting multiple tenants' security information from the same platform. For example, if I have multiple...
William Clarkson-Antill
Sep 24, 2023 · 3 min read


Microsoft Sentinel - Getting Started Series
Intro Hey all, I thought I'd create a new get-started series for newcomers and people wanting to know more about Microsoft Sentinel. In...
William Clarkson-Antill
Aug 31, 2023 · 5 min read


Microsoft Sentinel - Higher limits for entities in alerts and entity mappings
A feature that has been wanted for an extremely long time (in my opinion) is finally here. Something that gives alerting a step up when...
William Clarkson-Antill
Aug 28, 2023 · 1 min read