In recent years, an increasing number of customers have requested options to extend retention in Microsoft Defender XDR beyond the default 30 days at a low cost, all with the requirement of having the KQL experience available. Blog information: Feature is... The post How to store Defender XDR data for years in Sentinel data lake without expensive ingestion cost appeared first on Jeffrey Appel - Microsoft Security blog.| Jeffrey Appel – Microsoft Security blog
Microsoft released the new Microsoft Sentinel data lake in public preview this month. With the data lake feature, it is possible to scale and store data more easily for less cost. The new Microsoft Sentinel data lake is a new...| Jeffrey Appel - Microsoft Security blog
In this article, I would like to point out options to identify, monitor and avoid persistent access on Managed Identities privileges by adding federated credentials on User-Assigned Managed Identities (UAMI) from malicious or unauthorized entities. We will also have a quick look at attack paths and privileges which should be considered.| Thomas Naunheim
In the recent parts of the blog post series, we have gone through the various capabilities to detect threats and fine-tune incident enrichment of Workload Identities in Microsoft Entra. This time, we will start to automate the incident response for tackling malicious activities and threats. This includes the usage of Conditional Access for Workload ID but also configuring a Microsoft Sentinel Playbook with the least privileges.| Thomas Naunheim
Before jumping into the onboarding of Microsoft Sentinel, let’s understand what MS Sentinel is. Definition: Microsoft Sentinel is a cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution, which delivers intelligent security analytics and threat intelligence. Why do we use it? To act as blue teaming, as defensive security for attack detection, threat visibility, proactive hunting and threat response. In this blog we’ll be...| hugs4bugs
Explore the benefits of Microsoft Sentinel for real-time threat detection, seamless integration, and proactive security. The post Why Microsoft Sentinel Is the Next Big Thing in Threat Detection appeared first on GCS Technologies.| GCS Technologies
Here I will share with you the new edition of my book, Learn KQL in one month.| Syst & Deploy
🎉1 Million Views in my Blog 🎉 When I started writing my blog, it was more of a personal notebook for what I considered important. The amount of information in the field has been exhausting for many…| Sam's Corner
Microsoft Sentinel is a state-of-the-art security information and event management (SIEM) suite hosted in the cloud that allows customers to collect, analyze, and monitor their enterprises for threats.| IPSpecialist
As we approach the fourth anniversary of the Entra ID Attack and Defense Playbook in October 2024, it’s a perfect time to reflect on its evolution and the collective effort that has made it a valuable resource (based on the feedback) for security professionals. The playbook began as a vision to consolidate common attack scenarios […]| Sam's Corner
In a typical enterprise environment, numerous solutions and tools protect the digital landscape. Different tools check emails for phishing attempts, secure infrastructure, and the cloud, and provid…| Sam's Corner
Last spring, I teamed up with the amazing Raghavendra Boddu on a book project that consumed our days and nights for nine months, starting in July 2023 and ending in March 2024. During that time we …| Sam's Corner
Threat hunting is a powerful method of trying to detect stealthy cyber attacks. Threat hunting is an art form, and over time you can become a skilled hunter. However, these days we need to do more to detect breaches in our IT environments. One method of trying to lure the attackers into revealing themselves is … Continue reading Microsoft Entra ID Honeypot Accounts with Microsoft Sentinel →| Daniel Chronlund Cloud Security Blog
What’s the definition of an identity-based supply chain attack? An identity-based supply chain attack is a cyberattack that targets a trusted third-party vendor who provides critical supply chain services or software. In recent years, there has been a significant increase in security vulnerabilities related to cloud identities within the context of supply chain attacks. Suppose […]| Sam's Corner
In the ever-evolving landscape of cybersecurity, businesses face mounting challenges in protecting their critical assets from sophisticated threats. Managed Security Service Providers (MSSPs) have emerged as crucial partners, offering expertise and cutting-edge solutions to fortify defenses. In the MSSP (or MSP – Managed Service Provider) scenario, Azure Lighthouse plays a crucial role in providing MSSPs […]| Sam's Corner