infernux

Security Monitoring - Threat Modeling and Data Sources

One of the most misunderstood aspects of security monitoring is determining what data sources to use for what purpose. In this post, we will go through the process of determining what data sources to use for what purpose, where to prioritize developing use cases and how to plan for the future.

Posted on August 25, 2024

The idea that ingesting all the data and enabling all the use cases is the best approach to security monitoring is something we have explored time and time again here on this blog. So I thought, instead of just ranting about it, let’s show you how I would go about... [Read More]

Tags: Security Monitoring, Log Management, SIEM, Use Cases, Microsoft Sentinel

Security Monitoring Antipatterns

A little bit of a deconstruction of some antipatterns in Security Operations

Posted on August 19, 2024

Welcome back to another post - this time we are talking about antipatterns. If you don’t know what an antipattern is, we can describe it as almost the polar opposite of best practice, put into a pattern. [Read More]

Tags: Cyber Security, Security Architecture, Antipatterns, Security Monitoring

Adding Graph API permissions to Managed Identities

Making a little note of this in Graph API so it's easy to find for using it

Posted on August 16, 2024

In this post, we will go over how to simply add a Graph API permission to a managed identity. You can view the permissions from the Enterprise Application blade in Entra ID, but not add any new permissions. Instead we have to use Powershell. [Read More]

Tags: Nice to know, Entra ID, Azure, Logic App, Managed Identity

5 Years On - The Microsoft Sentinel Experience

Around 5 years ago, Microsoft announced the general availability of Azure Sentinel. This post aims to assess how far we along we have come - the good, the bad and the ugly.

Posted on July 9, 2024

To briefly prepare you for what you are about to read and the context in which it is written; I work for an MSSP and have been working primarily with Microsoft Sentinel and the Microsoft stack since the release of Sentinel. Some of the things I will talk about and... [Read More]

Tags: Cyber Security, Security Monitoring, Microsoft Sentinel, Microsoft Security

Test Yourself: The Prelude

Some tips, tricks and tools to help you get started testing your own infrastructure. This is the start, where I'll just lay out some basic principles of security that we need to keep in mind moving forward.

Posted on June 21, 2024

Cloud infrastructure is by nature complex, and it’s constantly changing (at least the names, looking at you Defender 365 XDR). At least, it seems that way. Truth is, security in itself hasn’t evolved a lot. Basic security, according to the Microsoft Digital Defense Report from 2023 can help us protect... [Read More]

Tags: Cyber Security, Entra ID, Security Monitoring, Entra ID, Azure, Microsoft 365

security automation blog