April 12, 2022

Monitoring Active Directory with Microsoft Sentinel – the agent deep dive.

If you are looking at using Microsoft Sentinel, then Active Directory is likely high on your list of sources to onboard. If you already use it, […]
March 1, 2022

Detecting malware kill chains with Defender and Microsoft Sentinel

The InfoSec community is amazing at providing insight into ransomware and malware attacks. There are so many fantastic contributors who share indicators of compromise (IOCs) and […]
January 25, 2022

KQLCeption – use KQL to investigate Microsoft Sentinel

For people who use a lot of cloud workloads, you will know it can be hard to track cost. Billing in the cloud can be volatile […]
January 4, 2022

Detecting privilege escalation with Azure AD service principals in Microsoft Sentinel

Defenders spend a lot of time worrying about the security of the user identities they manage, trying to stop phishing attempts or deploying MFA. You want […]
December 16, 2021

Microsoft Sentinel and the power of functions

In my experience, functions in Microsoft Sentinel are an overlooked and underappreciated feature; there is no specific Sentinel guidance provided by Microsoft on how to use […]