Azure Sentinel Daily Task: Data Connectors

This is part of a continuing series in relation to the Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel, which outlines tasks for security analysts. In this article, I'll talk about investigating incidents as part of a daily regimen for an Azure Sentinel analyst. There are deeper discussions and training that are required to get a good …

Azure Sentinel Daily Task: Analytics Rules

This is part of a continuing series in relation to the Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel, which outlines tasks for security analysts. In this article, I'll talk about investigating incidents as part of a daily regimen for an Azure Sentinel analyst. There are deeper discussions and training that are required to get a …

Azure Sentinel Tip for Table Details and Descriptions

I wrote a recent article that talks about tips for doing Data Sampling for Azure Sentinel. Data Sampling is a method that allows the Sentinel Analyst to figure out where and what data exists in the Log Analytics workspace to help hone KQL queries to produce good data results. Read that here if you missed …

Azure Sentinel Daily Task: Hunting Queries and Bookmarks

This is part of a continuing series in relation to the Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel, which outlines tasks for security analysts. In this article, I'll talk about investigating incidents as part of a daily regimen for an Azure Sentinel analyst. There are deeper discussions and training that are required to get a …

Azure Sentinel Daily Task: Investigate Incidents

This is part of a continuing series in relation to the Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel, which outlines tasks for security analysts. In this article, I'll talk about investigating incidents as part of a daily regimen for an Azure Sentinel analyst. There are deeper discussions and training that are required to get a …

Newly Expanded Azure Sentinel Feature for Closing Incidents

Working with Azure Sentinel daily, I see new features added regularly. I deliver a week-long workshop and POC for Azure Sentinel, and it's rare that I don't discover something new myself during each workshop and then have to learn it and teach about it on the fly. But that's a good thing. As with everything in Azure, …

Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel

As more and more customers use Azure Sentinel to view and respond to security alerts and threats within their organization, it becomes more important to set aside some daily, weekly, and monthly tasks to provide care-and-feeding of the product. This vigilance ensures that operations are consistently at peak performance so analysts can focus on securing …

Manually Importing Updates into WSUS

A question that has been raised by quite a few customers is around importing updates into the SCCM environment that are not available on WSUS but are on Microsoft Update. The steps below will guide you through getting the updates into the environment quickly. As per the CVV articles that are released, …

Step by Step: Enforce Require LDAP Signing on domain controllers. Part 2

Introduction: In Part 2 of this post, I will show how to request a certificate for a domain controller to use LDAPS; we will also see why we should never use simple bind in clear text. This post is intended to give you an action plan on how you can Enforce Require LDAP Signing on …

Step by Step: Enforce Require LDAP Signing on domain controllers. Part 1

Introduction: One of the security settings that Microsoft recommends applying on domain controllers is to Require LDAP Signing. Requiring LDAP signing is one policy setting that can be applied in a few seconds using group policy, but what is the impact of applying this setting in your production environment? In most customer environments I visited, …