At the end of March 2023, CISA released a new tool called ‘Untitled Goose.’ It is a post-incident hunting tool to help security practitioners sift through security logs in the Microsoft Cloud. In this blog, we discuss the tool, its uses, and our opinion on it.
Are you looking to add some extra security to your small organization? Microsoft Defender for Business may be the right fit. Learn more about the capabilities of Microsoft Defender for Business and how it compares to other Microsoft Defender Plans.
As organizations move to the cloud, on-premises environments (and their security) are put in the background as the focus shifts to the cloud. Nevertheless, most organizations I know are in a hybrid scenario where the on-premises environment holds the master data and synchronizes everything into Azure Active Directory. This blog explores how an on-premises environment is connected to the cloud and how an attacker might move from on-premises to the cloud laterally.
Automation is a big part of Sentinel, as it helps security administrators fight the spew of alerts generated by the different security solutions. In this article, we dive into some common use cases for automation and how to utilize Playbooks within Microsoft Sentinel.
When setting up your SIEM, ingesting logs from Active Directory is essential. This blog dives into the two options for ingesting AD logs and compare their strengths and weaknesses.
Although Sentinel makes it easy to onboard many data sources fast, it is important to keep cost in perspective. Start with prioritizing the data connectors that provide the most useful data, and then work your way down.
This article continues the discussion of the main steps needed to mitigate a zero-day threat Using Microsoft 365 Defender and Sentinel.
With the move to the cloud, many organizations synchronize identities to Azure Active Directory. This makes an attacker’s job easier as they have a single point where they can attempt to compromise accounts. In this article, Thijs Lecomte walks through the protection and detection mechanisms available to repel password spray attacks.
This article discusses the four main steps to mitigate a zero-day threat Using Microsoft 365 Defender and Sentinel.
Kusto Query Language, or KQL for short, is omnipresent in the Microsoft world and is used in different product stacks. Like any language, KQL can be challenging to understand and know where to start. This article is intended to help newcomers to get started.
When you deploy Microsoft Sentinel, one of the most important design decisions is determining the appropriate data retention period.
Earlier this month, Microsoft announced two new products in the Microsoft cloud Security stack. Both products were acquired from reputable tech companies in the space.
