The concept of this blog post is quite simple - we will start with an imaginary company that has identified some threats to their storage accounts and follow the process of detection engineering. The field of detection engineering is in itself quite big and complex, so I will resort to some...
Microsoft Defender XDR - Take action on advanced hunting results
The level below automation and above manual actions per asset
So this is mostly a self-reference post about the action button in Defender XDR when you select rows returned from an advanced hunting query. I’ve used it in the past, but not really thought about it. I did some light digging and based on this article it’s most likely...
Microsoft Sentinel Data Lake - FAQ
Answering some common questions people might have
Data lake is here, rejoice. It also brings up a bunch of questions, like do I still need Microsoft Sentinel? Yes. Is this just auxiliary logging done well without a lot of complications, like not being able to use the “new” Azure Monitoring Agent and instead having to lean on...
How to not mess up your Microsoft Sentinel deployment
Looking beyond just the technical details
I recently did a presentation with the same title as this post and figured it would be a good idea to also type out some of the points made there, as I think it’s valuable. I’ve split it up into three sections (don’t worry, it won’t be three parts) that...
Defender XDR - Custom Detection Rules Push/Pull via API
A little primer to pushing and pulling new content via the graph beta API
Jumping straight into this one, custom detection rules are similar to analytic rules in Microsoft Sentinel, but currently offer only a limited set of response actions instead of automation rules and playbooks.