Migrate SOAR Use Cases from Splunk to Microsoft Sentinel
Microsoft Sentinel provides Security Orchestration, Automation, and Response (SOAR) capabilities with automation rules and playbooks. Automation rules automate incident handling and response, and playbooks run predetermined sequences of actions to respond to and remediate threats. This article discusses how to identify SOAR use cases, and how to …
Incident Management – Advanced Search
The new Incident Management Advanced Search feature allows users to search on an extended list of incident fields, providing more flexibility around incident management. Common use cases and scenarios: for users who would like to search for incidents related to the one they are working on; for users who would …
Automated Azure Jump-box as a Service
It’s been a while since I’ve done some PowerShell script blogging / development. I’ve already uploaded the code to my GitHub repo and I’ll drop that link down below. Context: What is an “Automated Azure Jump-box as a Service”? Well, it does exactly as it sounds. I actually developed this for …
Azure Defender and Azure Sentinel Alerts Bi-Directional Sync
Azure Defender and Azure Sentinel bi-directional status sync helps you work seamlessly with Azure Defender and Sentinel by automatically syncing alert and incident statuses between the products. Closed or updated incidents in Azure Sentinel containing Azure Defender alerts will automatically update the alert in Azure Defender …
Craig’s Top Tips for Azure Security Operations
I’ve put together a little list of essential tips that I use when dealing with customers on Azure Security Defense engagements. Visibility: get visibility into your environment and cover your entire attack surface; to get the best results out of your analytics, you need to make sure that you have access and visibility to …
Detecting Living off the Land with Azure Sentinel
In my latest video I’ll be showing you how to detect living-off-the-land techniques using Azure Sentinel. This video is focused on the process RunDLL32.exe and how easy it is to leverage a malicious DLL file to execute a reverse shell connection back to a Kali Linux VM. Grab that coffee or whiskey …
In my latest video I’ll be showing you how to detect anonymous Azure Blob Storage access and the scenarios around why having public access is pretty dangerous. I show you how to enumerate blob access, along with how to detect the enumeration. #alwayssecurity #alwaysready #alwayscloud #alwaysazure
Detecting Masquerading Techniques with Azure Sentinel
In a 2019 study, Picus Labs analyzed over 56 thousand types of malware to determine their tactics, techniques, and procedures (TTPs). Picus Labs categorized each observed TTP using the MITRE ATT&CK® framework. As a result of this research, over 362 thousand TTPs observed in the last year were mapped to the ATT&CK framework, …
Azure Sentinel Solution Packages!!
What is an Azure Sentinel Solution, and why do I care? Well, you will care after you’ve finished reading this blog 😉 Azure Sentinel Solutions provide an in-product experience for central discoverability, single-step deployment, and enablement of end-to-end product, domain, or vertical scenarios in Azure Sentinel. The entire experience is powered by …
Azure Sentinel Long Term Data Retention: what’s the best option?
Having long-term retention for your security data is essential; depending on your organisation and its policies, your data might need to be kept for upwards of 10 years. So what do I do with my data for long-term retention? In my recent video, I describe the multiple solutions currently available for long …