The Pros and Cons of Threat Hunting
Assuming Breach. Stealthy supply chain attacks like Solorigate and Log4j have shined a light on the importance of assuming breach. When these attacks hit the news, vendors and analysts often suggest that you “hunt for Indicators of Compromise.” IT and security pros spend nights and weekends determining the extent […]
How to Save on Sentinel’s Recurring Costs
While Microsoft Sentinel is a powerful tool to identify and resolve sophisticated cyber attacks, organizations that pilot it without taking preliminary steps to minimize costs might experience some sticker shock. This blog outlines some of the more obvious and subtle optimizations that are often missed. Don’t Go with Pay-As-You-Go […]
Azure Sentinel Hunting
Hunting Overview. Azure Sentinel Hunting is based on queries. It allows for manual, proactive investigations into possible security threats based on the ingested data, as well as retroactive pursuit of attacks and root cause analysis. Hunting consists of several capabilities: Queries: Microsoft provides several built-in queries, and custom queries can also be […]
Azure Sentinel Operations
Introduction. Now that Azure Sentinel has started collecting data, it’s time for a deep dive into each component to discover how to utilize the data. The examples below are sample use cases of what Azure Sentinel can do. It is by no means an extensive overview of the capabilities. There is a […]
Onboarding Data Sources Into Azure Sentinel
Knowing what data you wish to analyze within a SIEM solution provides a tremendous advantage when deploying Azure Sentinel. However, that is not always the case during an initial deployment. You don’t know what you don’t know. Luckily, Microsoft allows free ingestion of most Azure and Office 365 activities […]
Intro to Azure Sentinel
Azure Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) solution. A SIEM solution aggregates data and provides real-time analysis of security alerts generated by applications and network appliances. A SOAR solution automates the investigation of and response to security alerts. It is common for IT professionals to mix up the capabilities of SIEM and SOAR, since they tend to work together toward the goal of protection. However, these […]