Automation is a big part of Sentinel, as it helps security administrators fight the spew of alerts generated by the different security solutions. In this article, we dive into some common use cases for automation and how to utilize Playbooks within Microsoft Sentinel.
When setting up your SIEM, ingesting logs from Active Directory is essential. This blog dives into the two options for ingesting AD logs and compare their strengths and weaknesses.
Although Sentinel makes it easy to onboard many data sources fast, it is important to keep cost in perspective. Start with prioritizing the data connectors that provide the most useful data, and then work your way down.
This article continues the discussion of the main steps needed to mitigate a zero-day threat Using Microsoft 365 Defender and Sentinel.
With the move to the cloud, many organizations synchronize identities to Azure Active Directory. This makes an attacker’s job easier as they have a single point where they can attempt to compromise accounts. In this article, Thijs Lecomte walks through the protection and detection mechanisms available to repel password spray attacks.
This article discusses the four main steps to mitigate a zero-day threat Using Microsoft 365 Defender and Sentinel.
Kusto Query Language, or KQL for short, is omnipresent in the Microsoft world and is used in different product stacks. Like any language, KQL can be challenging to understand and know where to start. This article is intended to help newcomers to get started.
When you deploy Microsoft Sentinel, one of the most important design decisions is determining the appropriate data retention period.
Earlier this month, Microsoft announced two new products in the Microsoft cloud Security stack. Both products were acquired from reputable tech companies in the space.
Managing inactive devices is a confusing concept for an administrator just starting with Microsoft Defender for Endpoint. This article will provide key insights on how organizations can handle inactive devices within Microsoft Defender for Endpoint.
Microsoft Defender for Endpoint is not a product you roll out and forget. To get the most out of this tool on a day-to-day basis, we walk through some actions administrators should be doing to keep current with the product.
Security Defaults is a control in Azure Active Directory which has been around since 2019 and is enabled by default on new tenants created after October 2019. Microsoft recently announced they will now start turning on Azure AD security defaults for existing tenants. Throughout this blog we will explore what this means and if Security Defaults is the right fit for your organization.
