May 20, 2022
Published by Rod Trent on May 20, 2022
Categories

Must Learn KQL Now Available from Amazon

The Must Learn KQL series has been a success with over 700 completion certificates delivered so far and many thousands more who have gone through the […]
Do you like it?0
Read more
May 9, 2022
Published by Matt Zorich on May 9, 2022
Categories

Azure AD Conditional Access Insights & Auditing with Microsoft Sentinel

If you have spent any time in Azure Active Directory, chances are you have stumbled across Azure AD Conditional Access. It is at the very center […]
Do you like it?0
Read more
April 12, 2022
Published by Matt Zorich on April 12, 2022
Categories

Monitoring Active Directory with Microsoft Sentinel – the agent deep dive.

If you are looking at using Microsoft Sentinel, then Active Directory is likely high on your list of sources to onboard. If you already use it, […]
Do you like it?0
Read more
March 26, 2022
Published by Rod Trent on March 26, 2022
Categories

The Microsoft Security Insights Podcast is Coming to Microsoft Reactor

For fans of the weekly Microsoft Security Insights podcast, Frank, Edward, Brodie, and I have some awesome news to share. The popularity of the podcast continues […]
Do you like it?0
Read more
March 25, 2022
Published by Matt Zorich on March 25, 2022
Categories

Deception in Microsoft Sentinel with Thinkst Canaries

Honeypots have been around for a long time in InfoSec. The idea is that you set up some kind of infrastructure – maybe a file server […]
Do you like it?0
Read more
March 17, 2022
Published by Rod Trent on March 17, 2022
Categories

Addicted to KQL Part 0: The Wit and Wisdom of Standard Columns in Azure Monitor Logs

The Addicted to KQL series is an ongoing, advanced series for KQL. For beginning topics don’t start here. Instead, see the original Must Learn KQL series. The series […]
Do you like it?0
Read more
March 16, 2022
Published by Matt Zorich on March 16, 2022
Categories

Maintaining a well managed Azure AD tenant with KQL

This article is presented as part of the #AzureSpringClean event. The idea of #AzureSpringClean is to promote well managed Azure environments. This article will focus on […]
Do you like it?0
Read more
March 1, 2022
Published by Rod Trent on March 1, 2022
Categories

Create and Maintain Your Own KQL Demo Environment with the New Start-for-free Cluster

As we continue efforts to ensure KQL is accessible to everyone (regardless of whether or not an Azure subscription is required), a new Start-for-free Cluster program […]
Do you like it?0
Read more
March 1, 2022
Published by Matt Zorich on March 1, 2022
Categories

Detecting malware kill chains with Defender and Microsoft Sentinel

The InfoSec community is amazing at providing insight into ransomware and malware attacks. There are so many fantastic contributors who share indicators of compromise (IOCs) and […]
Do you like it?0
Read more
February 9, 2022
Published by Matt Zorich on February 9, 2022
Categories

Too much noise in your data? Summarize it!

Defenders are often looking for a single event within their logs. Evidence of malware or a user clicking on a phishing link? Whatever it may be. […]
Do you like it?82
Read more
January 25, 2022
Published by Matt Zorich on January 25, 2022
Categories

KQLCeption – use KQL to investigate Microsoft Sentinel

For people that use a lot of cloud workloads you would know it can be hard to track cost. Billing in the cloud can be volatile […]
Do you like it?61
Read more
January 4, 2022
Published by Matt Zorich on January 4, 2022
Categories

Detecting privilege escalation with Azure AD service principals in Microsoft Sentinel

Defenders spend a lot of time worrying about the security of the user identities they manage. Trying to stop phishing attempts or deploying MFA. You want […]
Do you like it?34
Read more
Load more