Description To assist SOC’s (Security Operation Teams) and detection engineers I have pulled together a few examples for detection analytics to identify possible Gootkit execution. Once executed the common next step is a discovery of the network and local host… Continue Reading
A collated list of the most useful documented reference material on all things Azure. Azure Sentinel ☁️ Deploy Sentinel as Code using the Repositories feature in Azure Sentinel. ☁️ Deploying Sentinel as code (the old way :D) & https://github.com/javiersoriano/sentinelascode ☁️… Continue Reading
Overview The Azure Sentinel SIEM allows Security Operations team to detect active threats on the network by creating analytics rules (alerting rules). These rules can be deployed using the Azure Portal or alternatively can be deployed through the Sentinel API… Continue Reading
The Azure Sentinel SIEM built by Microsoft comes with inbuilt ‘data connectors’ to assist you with speeding up the process for log ingestion/onboarding. As of the date of writing this there are currently 63 data connectors supported ‘out of the… Continue Reading
Microsoft Azure Sentinel is a cloud-native SIEM solution built by Microsoft in the Azure cloud. It allows Security professionals to detect, hunt, investigate and respond to threats. Security information and event management (SIEM) technology supports threat detection, compliance and security… Continue Reading
