May 15, 2023

Have a JSON headache in KQL? Try mv-expand or mv-apply

One of the more difficult things to learn in KQL (apart from joining tables together) is how to deal with multi-value sets of data. If you […]
May 12, 2023

Microsoft Defender for Server Reference Architecture and Deployment Guide

When it comes to deploying Defender for Servers within Microsoft Defender for Cloud, there are a number of considerations and factors which need focus to ensure a […]
April 27, 2023

Automate your SOC – Known Badness

Threat Intelligence Module: This post builds upon your initial installation and provides a deeper understanding of each of the modules (log apps) that make up MSTAT. […]
April 19, 2023

Automate your SOC – Rise of the machine (risk)

Microsoft Defender for Endpoint: We’re back with another edition of Automate your SOC with Microsoft STAT. Today we’re going to discuss the Microsoft Defender for Endpoint […]
April 7, 2023

Automate your SOC – Is there anything else going on?

Microsoft Sentinel Related Alerts: This post builds upon your initial installation and provides a deeper understanding of each of the modules (log apps) that make up […]
March 28, 2023

Automate your SOC – Oh, that user again?

Adding user risk to your STAT playbook: Now that you’ve got your first playbook set up, let’s talk about what each module does. We’re going to […]
March 9, 2023

Automate your SOC – Risky Business

Giving your incidents a risk score: So, you’ve installed STAT using the deployment ARM template? Yes, ok let’s go. If not, see our tutorial on getting […]
March 2, 2023

Automate your SOC – Noise is the enemy of speed

As you can imagine, Microsoft has a massive security footprint. We’ve published previously that we get more than 20 billion cybersecurity events per day. That is […]
February 22, 2023

Let’s talk about STAT, baby

Let’s talk about SIEM and me… let’s talk about all the good things: Last week, we talked about automating your SOC with the Microsoft Sentinel Triage Assistant […]
February 14, 2023

Let’s automate your SOC

Intro to Microsoft Sentinel Triage Assistant (STAT): We wanted to jump right in to help you automate your security operations by introducing the Microsoft Sentinel Triage […]