Is it Time for an Analyst Assistant for Azure Sentinel?

Just a fun little blog post. Nothing serious here, just wanted to bring some joy into your life. I posted earlier about our new Incident Response Playbooks. These are awesome. And, if more of these are made available consistently, SOCs will have a great resource with which to build policies, procedures, and workflows specific to … Continue reading Is it Time for an Analyst Assistant for Azure Sentinel?

Incident Response Playbooks are the Guidance You Need

A new section has been developed and released in our Security Best Practices section of the docs platform. With hope that this will be built out further and we'll see additional guidance released, the Incident Response Playbooks section contains the following to start: PhishingPassword sprayApp consent grant Bookmark this page and watch for updates. These … Continue reading Incident Response Playbooks are the Guidance You Need

How to Use Azure Sentinel to Protect Against the Exchange Zero-day

If you've not heard by now and this is your first time hearing it, there's a 0-day in the wild that has been dubbed "HAFNIUM." HAFNIUM targets the following Exchange server versions: Microsoft Exchange Server 2013  Microsoft Exchange Server 2016  Microsoft Exchange Server 2019  Exchange Online is not affected.  The vulnerabilities being exploited are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and … Continue reading How to Use Azure Sentinel to Protect Against the Exchange Zero-day

Security – “The Best Christmas Gift, Securing your Accounts (‘Tis the season to be hacked on Facebook)”

Issue It's December and time to let your hair down. It could be a time to relax, do some reading or even take time to upskill in a new technology. Perhaps catch up with friends and family. But if you think you can completely relax just remember, your identities on-the-line(Vince Vaughn) are open and exposed … Continue reading Security – “The Best Christmas Gift, Securing your Accounts (‘Tis the season to be hacked on Facebook)”

MITRE ATT&CK Framework Reference Workbook for Azure Sentinel Updated with Latest Techniques

The MITRE Corporation today has announced some changes in it's tactics techniques, including the sunsetting of the PRE-ATT&ACK component only more recently announced. Per the release page: Retirement of PRE-ATT&CK - This release deprecates and removes the PRE-ATT&CK domain from ATT&CK, replacing its scope with two new Tactics in Enterprise ATT&CK Reconnaissance and Resource Development. … Continue reading MITRE ATT&CK Framework Reference Workbook for Azure Sentinel Updated with Latest Techniques

Microsoft Endpoint Manager – “Defeating Vulnerability Scans”

The Issue In Operations you may get approached by your Security Team from time to time to help them close new Vulnerabilities that have been identified after a Vulnerability Scan was run. It might look like the below and contain a list of Vulnerabilities that need to be addressed. The Investigation If you are lucky … Continue reading Microsoft Endpoint Manager – “Defeating Vulnerability Scans”

Using Microsoft To-do as a Simple Ticketing System for Azure Sentinel

A customer recently wanted me to suggest a very simple, cost-worthy service ticketing system they could use with Azure Sentinel. The following ended up serving the customer's needs. Microsoft To-do can be a powerful tool for those that like to separate their schedule items from their task lists. For many Office 365 customers, they may … Continue reading Using Microsoft To-do as a Simple Ticketing System for Azure Sentinel

Resolving WindowsFirewall Log Ingestion Problems for Azure Sentinel

This problem has come up enough in the last month or so that its worth a quick-hit blog post to help folks resolve it. The problem: You enable the Windows Firewall Data Connector in Azure Sentinel, follow the directions, and make sure the Log Analytics agent is installed on the remote system - but the … Continue reading Resolving WindowsFirewall Log Ingestion Problems for Azure Sentinel

Azure Sentinel Daily Task: Data Connectors

This is part of a continuing series in relation to the Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel, which outlines tasks for security analysts. In this article, I’ll talk about investigating incidents as part of a daily regimen for an Azure Sentinel analyst. There’s deeper discussions and training that’s required to get a good … Continue reading Azure Sentinel Daily Task: Data Connectors

Azure Sentinel Daily Task: Analytics Rules

This is part of a continuing series in relation to the Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel, which outlines tasks for security analysts. In this article, I'll talk about investigating incidents as part of a daily regimen for an Azure Sentinel analyst. There's deeper discussions and training that's required to get a … Continue reading Azure Sentinel Daily Task: Analytics Rules