Sign in Subscribe

Support

If a post here has saved you time, untangled a Microsoft Security feature, or earned you a quiet 'nice work' from a colleague, this page is for you.

sentinel.blog is an independent technical blog focused on Microsoft Sentinel, Defender XDR, threat hunting, KQL, and the open source tooling that ties them all together. Every post, every walkthrough, every deep-dive, and every line of code in the published projects is researched, written, tested, and maintained on my own time. Nothing on this site is sponsored or paid for by Microsoft or by any vendor.

If the work here is useful to you or your organisation, please consider supporting it. Your contribution directly funds the lab infrastructure, the research time, the tooling, and the writing whenever I'm able to put it together.

πŸ’› A heartfelt thanks to everyone who already supports this work. Whether you've subscribed to the newsletter, dropped a one-off contribution, taken out a paid tier, opened an issue, or sent a kind email after a post landed β€” all of it matters and none of it is taken for granted. No amount is too small. A single one-off contribution genuinely makes a difference, and the cumulative effect of small recurring support is what keeps the lights on. Thank you.

Why your support matters

Microsoft's security stack moves at a relentless pace. New features land weekly across Sentinel, Defender XDR, the unified portal, and the surrounding Azure Monitor and identity surfaces. Keeping up requires a real testing environment, a current set of agent configurations, working examples of every connector type, and the time to read every release note carefully enough to write something honest about it.

This is a side project, not a job. I have a busy day role and a life outside of it, and the cadence of posts and releases here naturally varies β€” sometimes a wave of work goes out in a few weeks, sometimes there's a quiet stretch while the day job takes over. No commitment to a fixed schedule comes with your contribution. What it does come with is the time and resources to do the work properly when the bandwidth is there.

All blog content is free to read for everyone. Paid tiers do not unlock posts, deep-dives, or open source code. Your contribution funds the existence of the work, not your access to it. The free Individual Reader tier covers the newsletter β€” paid tiers exist purely to let people back the project.

Choose how you want to support

Three audiences, three sets of options. Pick the one that fits.

  • Individual subscribers β€” individual readers who want to give something back to the blog.
  • Organisations β€” companies, teams and consultancies whose people regularly reference the blog or run published code in production.
  • Sentinel-As-Code adopters β€” anyone, individual or organisation, who has rolled out Sentinel-As-Code and wants to direct their support specifically at the project's roadmap.

Individual subscribers

For individual readers security engineers, analysts, consultants, students β€” who get value from the posts and want to chip in. Five named tiers from the free Individual Reader newsletter signup through to Individual Benefactor at Β£30/month. Pick the one that fits; you can change or cancel any time.

Every contribution at any size is genuinely appreciated. If you can't contribute financially, scroll down there is a long list of equally valuable, free things you can do.

For individual readers β€” security engineers, analysts, consultants, students, anyone who reads the blog and wants to back the work that goes into it. Five named tiers, all backed by Stripe through Ghost, billed monthly. Pick the one that fits; you can change or cancel any time from your member account.

The free Individual Reader tier covers the newsletter β€” every new post in your inbox, no payment details needed. The four paid tiers above it (Supporter, Advocate, Champion, Benefactor) are how readers choose to support the work financially.

All blog content stays free to read for everyone. Paid tiers do not unlock posts, deep-dives, or open source code β€” your contribution funds the existence of the work, not your access to it. Click Learn more below to see the full ladder, or pick a tier to sign up directly.

Individual Subscriber

Organisations

Organisation-level support is what funds the strategic, multi-day work that one-off contributions can't reach β€” the longer deep-dives, the lab scenarios that need real workspaces and Azure spend, and the significant features in the published open source projects that turn a working prototype into something a team can actually deploy.

It is also the most direct way to keep the editorial tone independent. A steady base of organisation supporters means this site never has to take sponsored placement, vendor-funded content, or paid promotion to stay viable. Your contribution is what protects that.

For organisations companies, consultancies, internal security teams, anyone whose people benefit from this work and want to back it. Three named Organisation tiers, all backed by Stripe through Ghost, billed monthly. Clean recurring receipt, no procurement involvement, no formal supplier setup required.

The tiers run from Organisation - Patron at Β£125/month through Champion at Β£250/month to Benefactor at Β£500/month. Pick the one that fits your organisation; you can change or cancel any time. If your procurement needs a one-off PO or a single annual invoice instead, contact me and I'll send back what your finance and legal teams need.

All blog content stays free to read for everyone. Paid tiers do not unlock posts, deep-dives, or open source code β€” your contribution funds the existence of the work, not your access to it. Click Learn more below to see the full ladder, or pick a tier to sign up directly.

Organisation Subscriber
Donations and tier subscriptions support open source maintenance and ongoing publication. They do not create a support contract or any service obligation, and they do not grant access to gated content. The projects published from this site are MIT-licensed and provided as-is; the blog is free to read for everyone.

Sentinel-As-Code adopters

If you are running Sentinel-As-Code in production β€” or your team is leaning on the framework, the Pester gate, the drift detection, the dependency manifest, the Documenter β€” your support can be directed at the project's roadmap rather than the blog's general fund.

Sentinel-As-Code is a substantial sub-project of the blog. It ships:

  • End-to-end CI/CD for Microsoft Sentinel deployments on both Azure DevOps and GitHub Actions.
  • A four-phase Pester gate with thousands of assertions wired into branch protection.
  • Drift absorption that pulls portal edits back into the repo as PRs.
  • Daily dependency-manifest auto-PRs that keep the prerequisite graph honest.
  • An inventory documenter that drops a tenant-aware Markdown report into your build artefacts.
  • A Copilot agent set for repo-aware authoring and editing.

Each of these has been a substantial chunk of effort, and the next wave of work is being shaped as time and bandwidth allow β€” there's no fixed release schedule, but the project continues whenever life and the day job give it room.

How to support Sentinel-As-Code specifically

Sentinel-As-Code uses the same Stripe-backed channels as the rest of the blog, with manual attribution via a note. There are no separate checkout pages. To direct your support at the project specifically:

  1. Send a one-off tip via the tipping flow, or sign up at any paid tier.
  2. Mention "Sentinel-As-Code" in the optional note at checkout, or reply to the welcome email afterwards.
  3. I'll label your member account so future communications about the project (release notes, beta invites, prioritised feature input) reach you directly.

If you want to discuss a larger Sentinel-As-Code-specific arrangement β€” sponsoring a whole feature, funding a wave of work, or backing the open source release engineering contact me directly.

For one-off contributions, use the tipping flow and pay any amount you like. Β£1 is genuinely appreciated; so is Β£100. Mention "Sentinel-As-Code" in the note at checkout so I can attribute the contribution to the project's roadmap rather than the blog's general fund. No account or signup needed β€” just a card and an email address for the receipt.

For a single annual sponsorship β€” particularly if your organisation's procurement needs a formal supplier setup, a one-off PO, or an invoice rather than a card payment β€” email me directly. You'll get back an invoice, a short statement of the editorial-independence position for finance and legal, and a conversation about the contribution shape that fits. Annual sponsorship is what makes the strategic, multi-day work on the project possible.

Neither route creates a support contract or any service obligation, and neither unlocks gated content. Sentinel-As-Code is MIT-licensed and free for everyone; your contribution funds the project's roadmap, not your access to it. Click the button below to leave a one-off tip, or use the email link above for sponsorship.

Donate

Other ways to support the blog

Not every contribution is financial, and an independent blog depends on more than money:

  • Subscribe to the newsletter β€” the free Individual Reader tier above. Costs nothing and directly grows the audience.
  • Share what you read β€” a link in your team's Slack, a mention on LinkedIn, a paragraph in a conference talk. Word of mouth is the single most effective way an independent blog grows.
  • Star the open source projects β€” visibility on GitHub trending pages drives discovery with people who'd otherwise never find the work.
  • Open issues and pull requests β€” bug reports, feature requests, content corrections, and PRs against any of the projects published here.
  • Tell me what you'd like to read β€” the most useful feedback is "I needed an answer to X and couldn't find one anywhere". That is where the next post comes from.
  • Write about it yourself β€” a follow-up post, a tutorial, a recorded walkthrough that builds on something here. The community grows when content begets content.

Thank you

If you've read this far, you've already invested more time in this page than most people will. Thank you. Whether you donate, subscribe, share, file an issue, or simply read along quietly β€” every form of support keeps sentinel.blog independent and moving.

To everyone who already contributes β€” financially, with code, with feedback, with a recommendation to a colleague β€” thank you. Whatever you've put in, big or small, one-off or recurring, has helped this work continue. There is no minimum and no expectation; the support that already exists is the only reason the next post or release happens at all.

If you want to talk about a sponsorship arrangement that doesn't fit the options above, a topic you'd like covered, or a partnership that doesn't compromise the editorial independence of this site, drop me an email.

β€” Toby G