Azure Spring Clean - Maestering Azure Tenant Security
A look into how we can utilize Maester to secure our Azure Tenant with a sprinkle of AI on top
Posted on February 28, 2025
Welcome back! This time, Iโm writing a contribution to the Azure Spring Clean running in March 2025. Itโs a community effort, so very happy to contribute. Please visit Azure Spring Clean for more content from the community!
[Read More]
Tags:
Cyber Security, Entra ID, Maester, Azure, Microsoft 365
Workspace Transformation Rules in Practice
This post will show you two very useful workspace transformation rules that you can use to save money on your data ingestion in Microsoft Sentinel.
Posted on February 24, 2025
Workspace transformation rules are defined in data collection rules and use kusto query language (KQL) in order to transform data in the cloud pipeline, before ingestion into Microsoft Sentinel.
[Read More]
Tags:
Cyber Security, Microsoft Sentinel, Azure, Log Analytics, Workspace Transformation Rules, Data Collection Rules
Expanding on Cyber Threat Intelligence for Security Monitoring
Three levels of detection engineering using Threat Intelligence as our guiding light
Posted on January 26, 2025
This blog will serve as a guide to understanding how we can use Cyber Threat Intelligence (CTI) for detection in more ways than just raw data points. For some context, I wrote a little introduction on this topic earlier in January - the main point was that most people in...
[Read More]
Tags:
Cyber Security, Security Monitoring, Threat Intelligence, MISP, Cyber Threat Intelligence, Detection
On the use of Threat Intelligence in Detection
If applied correctly, Threat Intelligence can be a useful tool in your belt. Mostly, however, it might be barking up the wrong tree depending on your maturity level. Let's explore that!
Posted on January 12, 2025
First things first, for those who might be wondering - what is Cyber Threat Intelligence (CTI)? Well, for starters, itโs data. Data that is collected processed, and analyzed to understand the threat landscape. This data can be used to make informed decisions and take actions to protect your organization.
[Read More]
Tags:
Cyber Security, Security Monitoring, Threat Intelligence, MISP, Cyber Threat Intelligence, Detection
Tool Release: pwshuploadindicatorsapi
This module is a wrapper for the Microsoft Sentinel related Upload Indicators API, allowing you to upload indicators of compromise (IOC) to a Microsoft Sentinel instance.
Posted on December 27, 2024
You can find the module on PowershellGallery and you can install it by running Install-Module -Name pwshuploadindicatorsapi and Import-Module pwshuploadindicatorsapi. The module is also available on GitHub if you want to contribute or report issues.
[Read More]
Tags:
Cyber Security, Powershell, Threat Intelligence, MISP, Microsoft Sentinel, Upload Indicators API
