“Getting value out of your data lake” For the first time in the security industry, we are seeing security operations teams and data analytics teams working together. This positive development illustrates that security data has value to everyone and can be shared throughout a company. It is important to take control of your data destiny, … Continue reading Big Lake = Big Value
Tag: Microsoft Sentinel
Automate your SOC – All in One
Solution Series for the SOC Automation Series Welcome to the SOCAUTOMATORS series on automating your security operations center. This series of blog posts will help you understand the value of assigning scores to your incidents and serves as an introduction to the Microsoft Sentinel Triage Assistant solution. 88 percent of organizations receive up to 500 … Continue reading Automate your SOC – All in One
Automate your SOC – Welcome to the VIP Room
Watchlist Module Welcome back to the SOCAutomator series. Did you miss us? Today we’re going to dig into how the STAT module works with Microsoft Sentinel watchlists. But first, let’s define what a watchlist is. Analysts often need the ability to correlate security events and insights with other non-security data sources, such as lists of … Continue reading Automate your SOC – Welcome to the VIP Room
Filling Up the Security Data Lake
Dam the Lake! The foundation of our data “dam” is a pool of information collected from multiple sources. Some data is ingested directly into the data lake storage account. Other data is ingested into the SIEM and later forwarded on to the data lake to meet long-term retention requirements. Typically, 70% of data ingested into … Continue reading Filling Up the Security Data Lake
Microsoft Defender for Server Reference Architecture and Deployment Guide
When coming to deploying Defender for Servers within Microsoft Defender for Cloud, there are a number of considerations and factors which need focus to ensure a successful implementation. My goal here is to provide a reference architecture with steps that show at a high level the core areas of focus, calling out core integrations and … Continue reading Microsoft Defender for Server Reference Architecture and Deployment Guide
Automate your SOC – Known Badness
Threat Intelligence Module This post builds upon your initial installation and provides a deeper understanding of each of the modules (log apps) that make up MSTAT. See the links below for earlier posts to build your knowledge on the capabilities of each module. You can also find all related posts by searching this blog. The … Continue reading Automate your SOC – Known Badness
Automate your SOC – Rise of the machine (risk)
Microsoft Defender for Endpoint We’re back with another edition of Automate your SOC with Microsoft STAT. Today we’re going to discuss the Microsoft Defender for Endpoint module (MDEModule). This module can retrieve a few pieces of information that can enrich your incident. The module can return the risk level and exposure level from MDE from … Continue reading Automate your SOC – Rise of the machine (risk)
Automate your SOC – Oh, that user again?
Adding user risk to your STAT playbook Now that you’ve got your first playbook set up, let’s talk about what each module does. We’re going to start with the Azure AD Risks module. This module retrieves several pieces of information to help enrich your incident. The risk level for the users in the incident as … Continue reading Automate your SOC – Oh, that user again?
Automate your SOC – Noise is the enemy of speed
As you can imagine, Microsoft has a massive security footprint. We’ve published previously that we get more than 20 billion cybersecurity events per day. That is an incredible number and you can imagine how difficult it must be to sort through all that data to find real threats. You may not have that many events, … Continue reading Automate your SOC – Noise is the enemy of speed
Automate your SOC – Let’s talk about STAT, baby
Let's talk about SIEM and me...let's talk about all the good things Last week, we talked about automating your SOC with the Microsoft Sentinel Triage Assistant (STAT). So this week, we thought it would be a good idea to talk about how to get STAT deployed in your Sentinel environment. Remember that STAT consists of … Continue reading Automate your SOC – Let’s talk about STAT, baby
You must be logged in to post a comment.