May 20, 2022

Must Learn KQL Now Available from Amazon

The Must Learn KQL series has been a success with over 700 completion certificates delivered so far and many thousands more who have gone through the […]
May 9, 2022

Azure AD Conditional Access Insights & Auditing with Microsoft Sentinel

If you have spent any time in Azure Active Directory, chances are you have stumbled across Azure AD Conditional Access. It is at the very center […]
April 12, 2022

Monitoring Active Directory with Microsoft Sentinel – the agent deep dive.

If you are looking at using Microsoft Sentinel, then Active Directory is likely high on your list of sources to onboard. If you already use it, […]
March 26, 2022

The Microsoft Security Insights Podcast is Coming to Microsoft Reactor

For fans of the weekly Microsoft Security Insights podcast, Frank, Edward, Brodie, and I have some awesome news to share. The popularity of the podcast continues […]
March 25, 2022

Deception in Microsoft Sentinel with Thinkst Canaries

Honeypots have been around for a long time in InfoSec. The idea is that you set up some kind of infrastructure – maybe a file server […]
March 17, 2022

Addicted to KQL Part 0: The Wit and Wisdom of Standard Columns in Azure Monitor Logs

The Addicted to KQL series is an ongoing, advanced series for KQL. For beginning topics, don’t start here. Instead, see the original Must Learn KQL series. The series […]
March 16, 2022

Maintaining a well-managed Azure AD tenant with KQL

This article is presented as part of the #AzureSpringClean event. The idea of #AzureSpringClean is to promote well-managed Azure environments. This article will focus on […]
March 1, 2022

Create and Maintain Your Own KQL Demo Environment with the New Start-for-free Cluster

As we continue efforts to ensure KQL is accessible to everyone (regardless of whether or not an Azure subscription is required), a new Start-for-free Cluster program […]
March 1, 2022

Detecting malware kill chains with Defender and Microsoft Sentinel

The InfoSec community is amazing at providing insight into ransomware and malware attacks. There are so many fantastic contributors who share indicators of compromise (IOCs) and […]
February 9, 2022

Too much noise in your data? Summarize it!

Defenders are often looking for a single event within their logs. Evidence of malware or a user clicking on a phishing link? Whatever it may be. […]
January 25, 2022

KQLCeption – use KQL to investigate Microsoft Sentinel

Anyone who uses a lot of cloud workloads will know it can be hard to track cost. Billing in the cloud can be volatile […]
January 4, 2022

Detecting privilege escalation with Azure AD service principals in Microsoft Sentinel

Defenders spend a lot of time worrying about the security of the user identities they manage. Trying to stop phishing attempts or deploying MFA. You want […]