Category: Microsoft Sentinel

  • Operationalizing MITRE ATT&CK with Microsoft Security (Part 2)

    It has been some time since Part 1 of this blog was posted; you may find it here. The first part focused mainly on the benefits of MITRE ATT&CK and how to operationalize it in Microsoft Defender XDR, while this blog will focus on Microsoft Sentinel. Table of contents Part 2: Microsoft Sentinel Analytics The first, and…

  • Isolated an Endpoint? Automate tag adding and notifications

    If you are part of a big organization, you might need to reach out to some colleagues and teams in case you isolate an endpoint. An end user will probably reach out to your help desk in order to identify whether there is an issue with his or her endpoint. Hence, you may want to spare some…

  • Harnessing threat intelligence using externaldata operator

    Having a Threat Intelligence Platform (TIP) to maintain Indicators of Compromise (IoCs) is somewhat of a standard these days. However, not all organizations use a TIP such as MISP, but this shouldn’t prevent anyone from using threat intelligence feeds for hunting, especially when it comes to Microsoft Defender XDR. Table of Contents What are threat intelligence…

  • The absolute beginner’s guide for hunting with KQL

    Building queries for Microsoft 365 Defender or Microsoft Sentinel can be challenging, especially when complex requirements demand navigating mazelike table data. Be that as it may, it is important to keep a set of simple queries handy to be used immediately whenever threat hunting or detection needs to take place. As…