I recently did a presentation with the same title as this post and figured it would be a good idea to also type out some of the points made there, as I think it’s valuable. I’ve split it up into three sections (don’t worry, it won’t be three parts) that...
Defender XDR - Custom Detection Rules Push/Pull via API
A little primer to pushing and pulling new content via the graph beta API
Jumping straight into this one, custom detection rules are similar to analytics rules in Microsoft Sentinel, but currently offer only a limited set of response actions rather than automation rules and playbooks.
Azure Spring Clean - Maestering Azure Tenant Security
A look into how we can utilize Maester to secure our Azure Tenant with a sprinkle of AI on top
Welcome back! This time, I’m writing a contribution to the Azure Spring Clean running in March 2025. It’s a community effort, so very happy to contribute. Please visit Azure Spring Clean for more content from the community!
Workspace Transformation Rules in Practice
This post will show you two very useful workspace transformation rules that you can use to save money on your data ingestion in Microsoft Sentinel.
Workspace transformation rules are defined in data collection rules and use Kusto Query Language (KQL) to transform data in the cloud pipeline before it is ingested into Microsoft Sentinel.
Expanding on Cyber Threat Intelligence for Security Monitoring
Three levels of detection engineering using Threat Intelligence as our guiding light
This blog will serve as a guide to understanding how we can use Cyber Threat Intelligence (CTI) for detection in more ways than just raw data points. For some context, I wrote a little introduction on this topic earlier in January - the main point was that most people in...