Azure Sentinel Daily Task: Investigate Incidents

This is part of a continuing series related to the Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel, which outlines tasks for security analysts. In this article, I'll talk about investigating incidents as part of a daily regimen for an Azure Sentinel analyst. There are deeper discussions and training required to get a …

Newly Expanded Azure Sentinel Feature for Closing Incidents

Working with Azure Sentinel daily, I see new features added regularly. I deliver a week-long workshop and POC for Azure Sentinel, and it's rare that I don't discover something new myself during each workshop and then have to learn it and teach it on the fly. But that's a good thing. As with everything in Azure, …

Understanding Microsoft Security Baselines and Applying Them – Part 1

What are security baselines? Why do I need them? Security baselines are published by various companies; however, I will focus strictly on Microsoft Security Baselines and how to apply them safely in your environment. Microsoft Security Baselines are created to give our customers a benchmark and to make use of the latest features possible, while also guiding …

Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel

As more and more customers use Azure Sentinel to view and respond to security alerts and threats within their organization, it becomes more important to set aside daily, weekly, and monthly tasks to provide care and feeding of the product. This vigilance ensures that operations are consistently at peak performance so analysts can focus on securing …

Getting Ready for LDAP Channel Binding & LDAP Signing Changes on March 10 Windows Update

In this blog post, we will deal with the March 10 Windows Update and its expected changes regarding LDAP Channel Binding and LDAP Signing. What is LDAP signing? Is it safe to configure the Channel Binding Token? And how can I be sure that LDAP clients will continue to work properly after installing the update? Let's try to answer all of these questions.
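The last question above (will my LDAP clients keep working?) is answered by looking at what the domain controllers already log before anything is enforced. The PowerShell below is an added example for this page, not code from the original post. It reads the two NTDS registry values that control signing and channel binding, turns on the "16 LDAP Interface Events" diagnostic so each offending bind is logged individually (event 2889 for unsigned or simple binds, event 3039 for channel-binding failures), and summarizes the offending clients. The registry value names and event IDs are the documented ones; the regex used to pull the client address and identity out of the event message is an assumption and falls back to the raw message if it does not match.

```powershell
# Added example (not from the original post). Run elevated on each domain controller.
$NtdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$NtdsDiag   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

function Get-LdapHardeningState {
    # LDAPServerIntegrity: 1 = signing not required (default), 2 = require signing.
    # LdapEnforceChannelBinding: 0 = never (default), 1 = when supported, 2 = always.
    $p = Get-ItemProperty -Path $NtdsParams -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DomainController   = $env:COMPUTERNAME
        RequireSigning     = ($p.LDAPServerIntegrity -eq 2)
        ChannelBindingMode = $(switch ($p.LdapEnforceChannelBinding) {
                                1 { 'WhenSupported' } 2 { 'Always' } default { 'Never' } })
    }
}

function Enable-LdapInterfaceEventLogging {
    # Level 2 makes the DC log one event per unsigned/simple bind (2889) and per
    # CBT failure (3039) instead of only the 24-hour summary (2887). Set back to 0
    # when the assessment is done; on a busy DC this is noisy.
    Set-ItemProperty -Path $NtdsDiag -Name '16 LDAP Interface Events' -Value 2 -Type DWord
}

function Get-LdapBindOffender {
    param([int]$Hours = 24)
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Directory Service'
        Id        = 2889, 3039
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue   # Get-WinEvent errors when nothing matches

    foreach ($e in $events) {
        # Assumption: the message carries "Client IP address:" and
        # "...authenticate as:" lines; otherwise keep the raw message for review.
        $client   = if ($e.Message -match 'Client IP address:\s*(\S+)') { $Matches[1] } else { '(see Message)' }
        $identity = if ($e.Message -match 'authenticate as:\s*(.+)')    { $Matches[1].Trim() } else { '' }
        [pscustomobject]@{
            Time     = $e.TimeCreated
            EventId  = $e.Id
            Issue    = if ($e.Id -eq 2889) { 'Unsigned or simple bind' } else { 'Channel binding token failed' }
            Client   = $client
            Identity = $identity
            Message  = $e.Message
        }
    }
}

# Usage: record the current state, enable per-client logging, come back after a
# day or more and list the clients that would break once signing/CBT is enforced.
Get-LdapHardeningState
Enable-LdapInterfaceEventLogging
Get-LdapBindOffender -Hours 24 |
    Group-Object Client, Issue |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Run the collection across every writable DC, not just one, because clients bind to whichever DC the locator hands them; an empty 2889/3039 list on all DCs over a full business cycle (including month-end batch jobs) is the evidence you want before flipping LDAPServerIntegrity to 2 and LdapEnforceChannelBinding to 2.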

Side-Channel Attack Mitigation via GPO (Group Policy Objects)

What is the side-channel attack we need to be aware of? The side-channel attacks most often referred to in IT are the Spectre and Meltdown vulnerabilities. Both exploit speculative execution in modern CPUs and use the CPU cache as the side channel to leak data. Numerous vulnerabilities have since been linked to the same core issue, but they are treated as individual CVEs and as such have …

Active Directory Based Activation (ADBA) Fails with Error: 0x8007202B

Introduction I was working with a customer recently who could not get clients or servers at a new remote site to activate using Active Directory Based Activation (ADBA). They were getting event ID 8214, as in the image below. Notice in the above where I bolded the computer name Client1.Child1.Contoso.local. This means that Client1 is …

PowerShell: Active Directory Cleanup – Part 4 – Unsupported Windows Operating Systems

Introduction Welcome to part 4 in my Active Directory Cleanup series. This part focuses on pulling a report of Windows operating systems that are obsolete or unsupported. Using this report, you can review them and decide whether they should be removed or upgraded. Script 1: long one-liner. The following script was posted on one of …
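The report described above can be produced with a single Get-ADComputer query. The PowerShell below is an added example written for this page, not the author's script, and it goes a little beyond the teaser: besides matching operating-system names that are out of support, it also flags Windows 10 machines whose build number is below a minimum you choose (Windows 10 is retired per build, so the name alone does not tell you), and it uses LastLogonDate to split the result into "remove" versus "upgrade" candidates. The name patterns, the minimum build, and the 90-day stale threshold are assumptions to adjust to your own support policy.

```powershell
# Added example (not the author's script). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-UnsupportedWindowsComputer {
    [CmdletBinding()]
    param(
        [string]$SearchBase,
        # Assumption: these OperatingSystem names are out of support in your environment.
        # The trailing space in 'Windows 8 *' keeps 'Windows 8.1 ...' from matching.
        [string[]]$UnsupportedPattern = @(
            'Windows NT*', 'Windows 2000*', 'Windows XP*', 'Windows Vista*',
            'Windows 7*', 'Windows 8 *', 'Windows Server 2003*', 'Windows Server 2008*'
        ),
        # Assumption: Windows 10 builds below this are treated as unsupported (17763 = 1809).
        [int]$MinimumWindows10Build = 17763,
        [int]$StaleDays = 90
    )

    # Build one AD filter: (OS -like 'Windows 7*' -or OS -like ...) -or OS -like 'Windows 10*'
    $filter = ($UnsupportedPattern | ForEach-Object { "OperatingSystem -like '$_'" }) -join ' -or '
    $filter = "($filter) -or (OperatingSystem -like 'Windows 10*')"

    $params = @{
        Filter     = $filter
        Properties = 'OperatingSystem', 'OperatingSystemVersion', 'LastLogonDate', 'Enabled'
    }
    if ($SearchBase) { $params.SearchBase = $SearchBase }

    foreach ($c in Get-ADComputer @params) {
        $reason = $null
        if ($c.OperatingSystem -like 'Windows 10*') {
            # OperatingSystemVersion looks like "10.0 (17763)"; compare the build number.
            if ($c.OperatingSystemVersion -match '\((\d+)\)' -and [int]$Matches[1] -lt $MinimumWindows10Build) {
                $reason = "Windows 10 build $($Matches[1]) is below $MinimumWindows10Build"
            }
        } else {
            $reason = 'Operating system is out of support'
        }
        if (-not $reason) { continue }

        # No logon date at all, or none within the window, counts as stale.
        $stale = (-not $c.LastLogonDate) -or ($c.LastLogonDate -lt (Get-Date).AddDays(-$StaleDays))
        [pscustomobject]@{
            Name            = $c.Name
            OperatingSystem = $c.OperatingSystem
            OSVersion       = $c.OperatingSystemVersion
            Enabled         = $c.Enabled
            LastLogonDate   = $c.LastLogonDate
            Reason          = $reason
            # Stale and unsupported: candidate for removal; still active: candidate for upgrade.
            Recommendation  = $(if ($stale) { 'Remove (stale)' } else { 'Upgrade' })
            DistinguishedName = $c.DistinguishedName
        }
    }
}

# Usage: report the whole domain (or pass -SearchBase for one OU) and export for review.
Get-UnsupportedWindowsComputer |
    Sort-Object OperatingSystem, Name |
    Export-Csv -Path .\UnsupportedWindows.csv -NoTypeInformation
```

Treat LastLogonDate as a hint rather than proof: it is derived from the replicated lastLogonTimestamp, which is only updated when the old value is more than about 14 days stale, so a machine can appear a couple of weeks older than it is. Review the CSV before disabling or deleting anything, and prefer disabling and moving to a quarantine OU first.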