Category: KQL

Section 12 – Mitigate threats using Microsoft Sentinel – Perform data classification and normalization

The 12th section continues with more Sentinel. This time we are classifying entities, creating a custom log in Log Analytics and parsing its content. So let’s do some design and configuration. Classify and analyze data by using entities: You can do the…


Defender for Cloud security alerts

The scenario: You have a Windows server with a public IP address, and RDP (TCP 3389) is exposed to the internet. There are still over 3 million open TCP 3389 ports out there. Stupid, right? But if you are one of…


Section 12 – Manage security operations – Configure and manage security monitoring solutions

AZ-500 continues with the following: Create and customize alert rules by using Azure Monitor; Configure diagnostic logging and log retention by using Azure Monitor; Monitor security logs by using Azure Monitor; Create and customize alert rules in Azure Sentinel…
