AzureTracks

Detecting Common Email Inbox Rule Manipulation

This article dives deep into the world of Kusto Query Language (KQL) to show you how to create custom analytics rules for detecting high-volume email sends, both internal and external, that might indicate potential security breaches. By leveraging these KQL queries, you can gain valuable insights into your email traffic, identify suspicious patterns, and take proactive measures to safeguard your organization’s data. Targeting a high-risk behaviour from the most recent MDDR, we will explore finding inbox rule compromises on our o365 logs today.

Posted on January 9, 2025 7:00 am

Azure

Building Custom KQL Analytics Rules in Sentinel

In this post I explore using Sentinel to detect, and respond to threats using custom analytics rules using Kusto Query Language (KQL). This allows you to tailor threat detection to your organization’s specific needs, ensuring that no threat goes unnoticed and tuning the detections to exclude low value and noisy results that clutter up the incident queue.

Posted on January 2, 2025 7:07 am

Azure

Azure Updates – Number 105 – December 28, 2024

A summary update on Azure news that includes updates released from Microsoft Azure related to Azure, Architecture, Compute, Security Copilot and Sentinel topics. Save time digging around to find recent releases and changes.

Posted on December 28, 2024 9:18 am

Azure

Azure Updates – Number 104 – December 14, 2024

Posted on December 14, 2024 9:38 am

Azure

Post High Severity Incidents in Sentinel to a Teams Channel

Today we explore incident communication using Teams. One of the great things about Microsoft Sentinel is the ability to integrate with Microsoft Teams, allowing for seamless collaboration and communication during high-severity incident responses. We will take a look at getting Teams working using a step-by-step guide to post summary information from incidents directly to a Teams channel, alerting our SOC team quickly.

Posted on December 12, 2024 6:45 am

Azure

Azure Updates – Number 103 – November 30, 2024

Posted on November 30, 2024 9:00 am

Azure

Integrating Threat Intelligence in Microsoft Sentinel

Join me in exploring the essential topic of integrating Microsoft threat intelligence within Microsoft Sentinel. In an era where cyber threats are becoming increasingly sophisticated, having a robust strategy to ingest and leverage threat intelligence is crucial for any SOC team. Understanding how to implement and utilize threat intelligence in Sentinel, you can significantly enhance your security posture, enabling faster detection and mitigation of potential threats before they escalate.

Posted on November 28, 2024 6:55 am

Azure

Azure Updates – Number 102 – Ignite 2024 Chicago Edition

Posted on November 22, 2024 12:41 pm

Azure

Mastering Data Ingestion in Microsoft Sentinel

In this post, we examine how to review and master your data connectors to optimize ingestion. Organizations worldwide are investing […]

Posted on November 14, 2024 7:02 am

Category: Azure