How to Add Active Directory Logs to Microsoft Sentinel
When setting up your SIEM, ingesting logs from Active Directory is essential. This blog dives into the two options for ingesting AD logs and compares their strengths and weaknesses.
Although Sentinel makes it easy to onboard many data sources fast, it is important to keep cost in perspective. Start with prioritizing the data connectors that provide the most useful data, and then work your way down.
This article continues the discussion of the main steps needed to mitigate a zero-day threat using Microsoft 365 Defender and Sentinel.
This article discusses the four main steps to mitigate a zero-day threat using Microsoft 365 Defender and Sentinel.
Kusto Query Language, or KQL for short, is omnipresent in the Microsoft world and is used across different product stacks. Like any language, KQL can be challenging to learn, and it is not always obvious where to start. This article is intended to help newcomers get started.
When you deploy Microsoft Sentinel, one of the most important design decisions is determining the appropriate data retention period.
Microsoft Sentinel is Microsoft's log aggregator. Along with other data, Sentinel can ingest events from the Office 365 audit log. Once ingested, we can visualize the data through workbooks. If you have an Azure subscription, it's surprisingly easy to take advantage of the 31-day trial to see if Sentinel can do a job for your organization. Follow our steps and you'll be visualizing quickly.
Continuing our review of practices to protect cloud infrastructures from weaknesses that can be introduced by on-premises accounts, we consider admin rights, authentication, and conditional access policies. We also consider the need to collect and analyze the log data available in cloud environments to make sure that nothing nasty is slipping through.