Monitoring and Analytics with Azure Monitor

In modern cloud environments, maintaining the health and performance of applications is critical. Azure Monitor provides a full-stack monitoring solution that enables organizations to track metrics, diagnose issues, and gain deep insights into their applications and infrastructure. Whether monitoring virtual machines (VMs), Kubernetes clusters, databases, or application services, Azure Monitor ensures optimal performance with proactive alerts, AI-powered analytics, and advanced telemetry capabilities.
This article explores how to configure and use Azure Monitor for real-time observability, troubleshooting, and optimization.

Posted on 7:10 am
Detecting Common Email Inbox Rule Manipulation

This article dives deep into the world of Kusto Query Language (KQL) to show you how to create custom analytics rules for detecting high-volume email sends, both internal and external, that might indicate potential security breaches. By leveraging these KQL queries, you can gain valuable insights into your email traffic, identify suspicious patterns, and take proactive measures to safeguard your organization’s data. Targeting a high-risk behaviour from the most recent MDDR, we will explore finding inbox rule compromises on our o365 logs today.

Posted on 7:00 am
Building Custom KQL Analytics Rules in Sentinel

In this post I explore using Sentinel to detect and respond to threats with custom analytics rules written in Kusto Query Language (KQL). This lets you tailor threat detection to your organization’s specific needs, so that no threat goes unnoticed, and tune the detections to exclude the low-value, noisy results that clutter up the incident queue.

Posted on 7:07 am
Integrating Threat Intelligence in Microsoft Sentinel

Join me in exploring the essential topic of integrating Microsoft threat intelligence within Microsoft Sentinel. In an era where cyber threats are becoming increasingly sophisticated, having a robust strategy to ingest and leverage threat intelligence is crucial for any SOC team. By understanding how to implement and use threat intelligence in Sentinel, you can significantly enhance your security posture, enabling faster detection and mitigation of potential threats before they escalate.

Posted on 6:55 am
How to Check the Health State of Microsoft Sentinel

Now that you have it deployed and collecting data, how do you monitor the health state of all the connectors and rules? One of the challenges with Sentinel is that this is often overlooked, and data connectors can go days or weeks missing valuable logs without anyone noticing. In this post, we look at how to make your data collection more robust and build a way to tell you about broken tooling.

Posted on 7:05 am
Microsoft Sentinel Governance Deep-Dive Part 2

This week continues our look at the ongoing set of governance tasks that keep our Sentinel instances working smoothly and help our SOC team stay focused on handling incidents and threat hunting. Today we continue our detailed look at not only what to review, but also how to walk through the steps together. In today’s article we review even more deep-dive details on how to optimize and maintain your Sentinel instances in a meaningful fashion. This week, we talk data management, automations, and RBAC.

Posted on 7:10 am