Category: Microsoft Sentinel

Section 15 – Hunt for threats using Microsoft Sentinel

Create custom hunting queries Like stated in the last part, all Gallery content has been Centralized to Content hub. You will see the following notification under Custom hunting rules. https://learn.microsoft.com/en-us/azure/sentinel/sentinel-content-centralize If you need inspiration based on MITRE Framework for your…

Continue Reading Section 15 – Hunt for threats using Microsoft Sentinel

Section 14 – Use Microsoft Sentinel workbooks to analyze and interpret data

Activate and customize Microsoft Sentinel workbook templates When we are talking about templates, it’s important to see the following information, you will see this inside your Sentinel workspace. Once you Click on Continue, it will start the migration and show…

Continue Reading Section 14 – Use Microsoft Sentinel workbooks to analyze and interpret data

Section 13 – Mitigate threats using Microsoft Sentinel – Manage Microsoft Sentinel incidents

Triage incidents in Microsoft Sentinel What is Triaging? The SOC’s initial level is triaging. Triaging incoming security situations and assessing their seriousness are the responsibilities of Tier 1 employees. This entails figuring out the incident’s origin, estimating its size, and…

Continue Reading Section 13 – Mitigate threats using Microsoft Sentinel – Manage Microsoft Sentinel incidents

Section 13 – Mitigate threats using Microsoft Sentinel – Configure Security Orchestration, Automation, and Response (SOAR)

13th section starting and this time were are learning on automation, alerts and remediation. Configure automation rules By centrally managing automation rules for event management, users may streamline complicated incident orchestration procedures. Automation rules are triggered by the creation of…

Continue Reading Section 13 – Mitigate threats using Microsoft Sentinel – Configure Security Orchestration, Automation, and Response (SOAR)

Section 12 – Mitigate threats using Microsoft Sentinel – Perform data classification and normalization

12th section starting with more Sentinel. This time we are classifying Entities, creating custom log in Log Analytics and parsing the content. So let’s do some designs and configurations. Classify and analyze data by using entities You can do the…

Continue Reading Section 12 – Mitigate threats using Microsoft Sentinel – Perform data classification and normalization

Section 11 – Mitigate threats using Microsoft Sentinel – Manage Microsoft Sentinel analytics rules

11th section starting with more and more Sentinel. Already in this series we saw that how the different pieces are connected and helping you SOC teams to proactively work on threats. So let’s do some designs and configurations. Design and…

Continue Reading Section 11 – Mitigate threats using Microsoft Sentinel – Manage Microsoft Sentinel analytics rules

Exam cram series for SC-200 exam

Well, finally it’s time for a new part to my study series for Microsoft Security certifications. I have published guides for SC-100 and SC-300 and now it’s times for the “little” ‘sis between. Hopefully you will find this helpful, giving…

Continue Reading Exam cram series for SC-200 exam

Microsoft Defender for Office 365 Detection Details Report

If you want to learn more on from your email security, you could use this template to get and holistic view of what’s going on inside your environment. See here the announcement of the report. Why it matters? You have…

Continue Reading Microsoft Defender for Office 365 Detection Details Report

Certificate-based authentication is generally available!

Microsoft announced today at Ignite 2022 that Certificate-Based Authentication is officially out of preview and ready to use! Why CBA was created? “In May of 2021, the President issued Executive Order 14028, Improving the Nation’s Cybersecurity calling for the Federal Government to modernize…

Continue Reading Certificate-based authentication is generally available!