You can find the module on the PowerShell Gallery and install it by running Install-Module -Name pwshuploadindicatorsapi followed by Import-Module pwshuploadindicatorsapi. The module is also available on GitHub if you want to contribute or report issues.
Tool Release: pwshmisp
In an attempt to make using MISP easier, I have created a PowerShell module to interact with MISP. The release of this module is the first step towards creating a PowerShell integration function for pushing data from MISP to Microsoft Sentinel.
You can find the module on the PowerShell Gallery and install it by running Install-Module -Name pwshmisp followed by Import-Module pwshmisp. The module is also available on GitHub if you want to contribute or report issues.
Test Yourself Part 1: Identity
Some tips, tricks and tools to help you get started testing your own infrastructure. This is part 1, where we'll look into identity and how you can test it.
In the last article, called "Test Yourself: The Prelude", we talked about some basic principles of security that we need to keep in mind moving forward. In this blog, we're going to focus on identity and how you can start making sure you're secure in that area. If you haven't...
Hardening Entra ID
This is an update to a previous article I wrote on hardening Azure Active Directory. The idea of this update is to provide a table of default settings that I would change in any Entra ID tenant I manage.
The layout for this article will be quite straightforward. I will create a table for each settings menu and list the settings I would change. I will also provide a short explanation of why I would change each setting, as well as what the setting is by default.
Security Monitoring - Threat Modeling and Data Sources
One of the most misunderstood aspects of security monitoring is determining what data sources to use for what purpose. In this post, we will go through that process: which data sources to use for what purpose, where to prioritize developing use cases, and how to plan for the future.
The idea that ingesting all the data and enabling all the use cases is the best approach to security monitoring is something we have explored time and time again here on this blog. So I thought, instead of just ranting about it, let's show you how I would go about...