AzureTracks.com investigate using KQL and find deleted or hidden log entries.

Unveil Delete Operations in Azure using KQL

In this blog post, we’ll explore how to wield the mighty KQL to uncover those elusive “delete” actions within your Azure environment. Whether you’re a seasoned cloud explorer or just dipping your toes into the Azure waters, this guide will equip you with the knowledge to track down those vanishing resources.

Posted on 6:58 am

Incident Response Foundations – Identity

In today’s post I talk about responding to a compromised identity in Microsoft Entra ID. There is a lot of advice floating around on what to do and how to respond; I’m bringing experiences and existing guidelines together to provide a solid foundational starting point for identity based incident response in this post.

Posted on 7:12 am

Responding to Incidents in Microsoft Sentinel

Join me to explore next steps once you have investigated an incident. Taking action to respond to the threat in Microsoft Sentinel provides excellent automated response capabilities that can be used to respond to threats in real-time. Let’s explore!

Posted on 7:03 am
AzureTracks Azure News Update

Azure Updates – Number 64 – May 20, 2023

May long weekend edition – summary update on Azure news that includes updates released from Microsoft Azure related to Azure, Architecture, Compute, and Sentinel topics. Save time digging around to find recent releases and changes.

Posted on 11:15 am

Where to find Incident Investigation Artifacts in M365

A common challenge that security teams face is simply not knowing where all the artifacts can be found during an investigation. Microsoft Defender tools are capable of collecting a lot of data, and that can create questions during investigations of where is all this data and how do I find it quickly? Join me for a tour of the basics of Defender data retention periods and where to find that data.

Posted on 7:00 am

M365 Operating Guide for Sec Ops Teams – Use with Microsoft Sentinel

When building out a SOC team, many organizations quickly realize that there are very few silos left in IT when it comes to cloud. Our SOC members need to have cloud platform skills, M365, Exchange, Active Directory, Azure Active Directory, Windows Server, REHL, and so many more skills. To say this a different way; our cloud landscape is flat, and we need members that have a wide band of skills with some specialties mixed in. This is complex to say the least, and with labour challenges in our post-covid world, we need ways to upskill our teams and build out operations manuals and tasks to support those teams.

Posted on 7:30 am