Dam the Lake! The foundation of our data “dam” is a pool of information collected from multiple sources. Some data is ingested directly into the data lake storage account. Other data is ingested into the SIEM and later forwarded on to the data lake to meet long-term retention requirements. Typically, 70% of data ingested into … Continue reading Filling Up the Security Data Lake
Introduction So, you are working with Terraform, paving your way to the cloud line by line, storing your Terraform state file on an Azure Storage Account and feeling pretty good about yourself. When suddenly it dawns upon you that this file (or files) is getting pretty darn important. And if something happens to it, you … Continue reading Sleep Easy: Is Your Terraform State File Securely Backed Up?
“Yes – it’s more than bathing suit” Security engineering teams need to develop new skills to provide their security analysts with the necessary depth of data and analytics to perform their jobs effectively. Analysts require this data to be readily available in the SIEM during an incident. We must reduce the speed of triage to … Continue reading What to bring to the Data Lake?
Introduction: In today's fast-paced digital landscape, organizations are continually seeking efficient and flexible solutions to manage their growing fleet of devices. Microsoft Configuration Manager (aka SCCM) has long been the go-to tool for device management, but the rise of cloud-based solutions and the increasing popularity of mobile devices have prompted the need for a more … Continue reading Embracing the Future: Transitioning from Configuration Manager Co-Management to Intune-Only Management
“The rise of data and the security data lake” There is a long-standing problem in cybersecurity: the ever-increasing need to log more sources to provide the visibility needed to detect threat activity. The need to ingest raw logs has created an ingestion problem. The SIEM was supposed to be the ultimate solution to … Continue reading Will your SIEM survive?
Introduction Azure Automation is a robust tool that provides administrators with the ability to execute tasks either on Azure or on-premises (through a hybrid worker). If you're familiar with Azure Automation, you've likely configured a lot of settings, including runbooks, schedules, RBAC permissions, variables and PowerShell modules. In certain organizations, these configurations can amount to … Continue reading Code as Code – Managing Azure Automation with Terraform
When it comes to deploying Defender for Servers within Microsoft Defender for Cloud, there are a number of considerations and factors that need focus to ensure a successful implementation. My goal here is to provide a reference architecture with steps that show at a high level the core areas of focus, calling out core integrations and … Continue reading Microsoft Defender for Server Reference Architecture and Deployment Guide
If you are looking for an easier and faster way to assign M365 licenses, then you have landed on the right page. Instead of using the M365 admin portal, you can use the Microsoft Graph PowerShell SDK, the new shiny tool for automating the assignment of licenses. What is Graph PowerShell SDK Microsoft Graph PowerShell Module consists … Continue reading Assign M365 license via Graph PowerShell SDK
Threat Intelligence Module This post builds upon your initial installation and provides a deeper understanding of each of the modules (log apps) that make up MSTAT. See the links below for earlier posts to build your knowledge on the capabilities of each module. You can also find all related posts by searching this blog. The … Continue reading Automate your SOC – Known Badness
Microsoft Defender for Endpoint We’re back with another edition of Automate your SOC with Microsoft STAT. Today we’re going to discuss the Microsoft Defender for Endpoint module (MDEModule). This module can retrieve a few pieces of information that can enrich your incident. The module can return the risk level and exposure level from MDE from … Continue reading Automate your SOC – Rise of the machine (risk)