Will your SIEM survive?

“The rise of data and the security data lake” There is a long-standing problem in cybersecurity. There is the ever increasing need to log more sources to provide needed visibility to detect threat activity. The need to ingest raw logs has created an ingestion problem. The SIEM was supposed to be the ultimate solution to … Continue reading Will your SIEM survive?

Code as Code – Managing Azure Automation with Terraform

Introduction Azure Automation is a robust tool that provides administrators with the ability to execute tasks either on Azure or on-premises (through a hybrid worker). If you're familiar with Azure Automation, you've likely configured a lot of settings, including runbooks, schedules, RBAC permissions, variables and PowerShell modules. In certain organizations, these configurations can amount to … Continue reading Code as Code – Managing Azure Automation with Terraform

Microsoft Defender for Server Reference Architecture and Deployment Guide

When coming to deploying Defender for Servers within Microsoft Defender for Cloud, there are a number of considerations and factors which need focus to ensure a successful implementation. My goal here is to provide a reference architecture with steps that show at a high level the core areas of focus, calling out core integrations and … Continue reading Microsoft Defender for Server Reference Architecture and Deployment Guide

Assign M365 license via Graph PowerShell SDK

If you are looking for a easier and a faster way to assign M365 license, then you have landed on the right page.  Instead of using the M365 admin portal, Microsoft Graph PowerShell SDK is the new shiny tool to automate the assignment of license. What is Graph PowerShell SDK Microsoft Graph PowerShell Module consists … Continue reading Assign M365 license via Graph PowerShell SDK

Automate your SOC – Known Badness

Threat Intelligence Module This post builds upon your initial installation and provides a deeper understanding of each of the modules (log apps) that make up MSTAT. See the links below for earlier posts to build your knowledge on the capabilities of each module. You can also find all related posts by searching this blog. The … Continue reading Automate your SOC – Known Badness

Automate your SOC – Rise of the machine (risk)

Microsoft Defender for Endpoint We’re back with another edition of Automate your SOC with Microsoft STAT. Today we’re going to discuss the Microsoft Defender for Endpoint module (MDEModule). This module can retrieve a few pieces of information that can enrich your incident. The module can return the risk level and exposure level from MDE from … Continue reading Automate your SOC – Rise of the machine (risk)

Automate your SOC – Is there anything else going on?

Microsoft Sentinel Related Alerts This post builds upon your initial installation and provides a deeper understanding of each of the modules (log apps) that make up MSTAT. See the links below for earlier posts. You can also find all related posts by searching this blog. The Related Alerts module takes the incident entity data and … Continue reading Automate your SOC – Is there anything else going on?

Automate your SOC – Oh, that user again?

Adding user risk to your STAT playbook Now that you’ve got your first playbook set up, let’s talk about what each module does. We’re going to start with the Azure AD Risks module. This module retrieves several pieces of information to help enrich your incident. The risk level for the users in the incident as … Continue reading Automate your SOC – Oh, that user again?

Azure AD PowerShell to Microsoft Graph PowerShell

Overview: You might have heard about AzureAD PowerShell module deprecation. So, in this article we will summarize the migration between Azure AD PowerShell to Microsoft Graph PowerShell and will provide you with all the relevant info and links in one place, to get you up and running with the new MS Graph Module. The best … Continue reading Azure AD PowerShell to Microsoft Graph PowerShell

Use Winget Windows Package Manager Tool to Install Published Apps using Intune

Now that the Microsoft Store for Business has been retired and the new integration between Intune and the Microsoft Store, we have seen that the specific application you are looking for might not yet be available, but is available on the winget repository. In this blog I will show you how to create such applications … Continue reading Use Winget Windows Package Manager Tool to Install Published Apps using Intune