Automate your SOC – Oh, that user again?

Adding user risk to your STAT playbook Now that you’ve got your first playbook set up, let’s talk about what each module does. We’re going to start with the Azure AD Risks module. This module retrieves several pieces of information to help enrich your incident. The risk level for the users in the incident as … Continue reading Automate your SOC – Oh, that user again?

Azure AD PowerShell to Microsoft Graph PowerShell

Overview: You might have heard about AzureAD PowerShell module deprecation. So, in this article we will summarize the migration between Azure AD PowerShell to Microsoft Graph PowerShell and will provide you with all the relevant info and links in one place, to get you up and running with the new MS Graph Module. The best … Continue reading Azure AD PowerShell to Microsoft Graph PowerShell

Use Winget Windows Package Manager Tool to Install Published Apps using Intune

Now that the Microsoft Store for Business has been retired and the new integration between Intune and the Microsoft Store, we have seen that the specific application you are looking for might not yet be available, but is available on the winget repository. In this blog I will show you how to create such applications … Continue reading Use Winget Windows Package Manager Tool to Install Published Apps using Intune

Automate your SOC – Risky Business

Giving your incidents a risk score So, you’ve installed STAT using the deployment ARM template? Yes, ok let’s go. If not, see our tutorial on getting it installed here. Let’s start by navigating to your Logic Apps blade in the Azure portal. Here you will see that STAT installed fifteen logic apps. We will go … Continue reading Automate your SOC – Risky Business

Automate your SOC – Noise is the enemy of speed

As you can imagine, Microsoft has a massive security footprint. We’ve published previously that we get more than 20 billion cybersecurity events per day. That is an incredible number and you can imagine how difficult it must be to sort through all that data to find real threats. You may not have that many events, … Continue reading Automate your SOC – Noise is the enemy of speed

Automate your SOC – Let’s talk about STAT, baby

Let's talk about SIEM and me...let's talk about all the good things Last week, we talked about automating your SOC with the Microsoft Sentinel Triage Assistant (STAT). So this week, we thought it would be a good idea to talk about how to get STAT deployed in your Sentinel environment. Remember that STAT consists of … Continue reading Automate your SOC – Let’s talk about STAT, baby

Let’s automate your SOC

Intro to Microsoft Sentinel Triage Assistant (STAT) We wanted to jump right in to help you automate your security operations by introducing the Microsoft Sentinel Triage Assistant or STAT for short. STAT is built on a series of Azure Logic Apps which can be integrated into Microsoft Sentinel, Azure Active Directory, and the 365 Defender … Continue reading Let’s automate your SOC