Will your SIEM survive?

“The rise of data and the security data lake”

There is a long-standing problem in cybersecurity: the ever-increasing need to log more sources to provide the visibility needed to detect threat activity. The need to ingest raw logs has created an ingestion problem. The SIEM was supposed to be the ultimate solution to …

Automate your SOC – Known Badness

Threat Intelligence Module

This post builds upon your initial installation and provides a deeper understanding of each of the modules (log apps) that make up MSTAT. See the links below for earlier posts to build your knowledge of the capabilities of each module. You can also find all related posts by searching this blog. The …

Quick Tip: Monitoring Log Analytics Issues for Microsoft Sentinel

Log Analytics issues should be an important matter for Microsoft Sentinel customers, since the service runs on top of a Log Analytics workspace. As such, there should be a mechanism to monitor when issues have been reported. The Azure Monitor team maintains a status blog: https://cda.ms/3kB This blog produces alerts when …