AzureTracks.com explores using KQL to get started with threat hunting in Microsoft Sentinel. Pictured is the AI version of our Belgian Mia with some wires in her mouth while hunting for threats.

How do I Start Threat Hunting with Microsoft Sentinel?

Join me as I explore getting started with threat hunting using Microsoft Sentinel and KQL to jump-start our investigations. We will dive into a world where we look for anomalies in the data and try to identify potential threats before they can escalate within our environment.

Posted on 6:55 am
AzureTracks.com looks at Azure Arc machines and heartbeats and how Microsoft Sentinel plays a role.

Using KQL with Azure Arc Machine Status

In this post we take a look at using KQL to observe the status of machines managed through Azure Arc. We will walk through a couple of examples of helpful queries and then use those queries to enable monitoring in Microsoft Sentinel. As organizations adopt a more cloud-centric management model, it is becoming more common to see machines managed through Azure Arc, and our Sentinel log collectors running the Azure Monitor Agent are also deployed using the Azure Arc agent, so we need to make sure we can keep tabs on our log collectors and other servers easily.

Posted on 8:00 am

Find Failed Create Operations in Azure using KQL

Today, we embark on a thrilling quest through the Azure cosmos to uncover the secrets of failed create operations using Kusto Query Language (KQL). This quick post will equip you with the knowledge to track down those elusive “create” mishaps and help find clues behind these operations quickly.

Posted on 8:00 am
AzureTracks.com investigates using KQL to find deleted or hidden log entries.

Unveil Delete Operations in Azure using KQL

In this blog post, we’ll explore how to wield the mighty KQL to uncover those elusive “delete” actions within your Azure environment. Whether you’re a seasoned cloud explorer or just dipping your toes into the Azure waters, this guide will equip you with the knowledge to track down those vanishing resources.

Posted on 6:58 am
AzureTracks.com investigating using Microsoft Sentinel, KQL, and logs.

Find Actions Taken by an Administrator in Azure Logs

In this post, join me in exploring how to find meaningful actions taken by an administrator in your environment. We will take a look at how to find what changes were made by an individual account. Join me as we dive into auditing logs in Azure and determine if the administrator account is responsible for actions in our environment.

Posted on 7:18 am