kql Featured Log Analytics - KQL - Log Quiet In this blog post, we'll dive into using Azure's Kusto Query Language (KQL) to identify tables that have not received logs in the last day.
kql KQL Cheat Sheet: The Basics KQL basics, filtering, selecting, aggregating and joining. Must-know queries for you cyber folk.
sentinel What is Microsoft Sentinel? Back to basics: What is Microsoft Sentinel? Should I choose Sentinel or Splunk?
azure Featured Stop Users Creating Azure AD Tenants Stop standard users being able to create an Azure AD tenant by flicking this switch. Prevent data loss and shadow IT.
aws Azure vs GCP vs AWS Which Cloud? AWS, Azure or GCP? Who is more secure? Who has the best security tooling?
azure Featured Microsoft Cloud Security Expert? These documents are your bibles Whether you're new or a seasoned cloud security professional in Azure/Microsoft, these are your bibles to carry with you at all times.
microsoft Featured Join the Microsoft Cloud Security Private Community Welcome to the Cloud Security Private Community. By signing up for the ongoing program, you will receive access to our NDA roadmap calls, design exercises, surveys, and private previews.
logic apps Azure Logic Apps - Inline JS - Convert Security Severity Ratings Convert Microsoft severity ratings from Low, Med, High to integers if your ITSM only supports this using inline JavaScript in Logic Apps.
logic apps Featured Azure Logic Apps - Parsing Output Header Values Do you use Azure Logic Apps? This is a neat little trick to extract an HTTP header value if you need to.
azure Featured Microsoft Cloud Security Product Name Changes - Ignite 2021 Some exciting news coming out of Ignite 2021 - new name changes for a lot of Microsoft's cloud security ecosystem.
azure Azure AD Editions Azure Active Directory comes in four editions—Free, Microsoft 365 Apps, Premium P1, and Premium P2. The Free edition is included with an Azure subscription.
logic apps Featured Azure Managed Identity Azure managed identity means you don't have to handle credentials anymore. If you use Azure, then you must know about this to secure your environment.
azure Azure Conditional Access - Disable Security Defaults It looks like you're about to manage your organization's security configurations. That's great! You must first disable Security defaults before enabling a Conditional Access policy.
azure Azure AZ-500 Modules These are the modules and labs you'll need to get through the AZ-500 course. Follow the URL through to GitHub for the latest edition.
azure Preparing for the AZ-500 Course The syllabus for the Azure AZ-500 course. This is what you need to get through in order to complete the exam.
aad Azure Active Directory: Threat Hunting - SPN Key Count Azure Service Principals in your tenant should be periodically reviewed just as app registration secrets and passwords should be, see post https://www.cyber.engineer/azure-active-directory-threat-hunting-app-registration-key-count as they both work hand-in-hand. What is a service principal? To access resources that are secured by an Azure AD tenant, the entity that
aad Azure Active Directory: Threat Hunting - App Reg Key Count As part of your organisation's proactive threat hunting, app registrations with secrets and passwords configured should be reviewed to look for any suspicious entries. The following PowerShell script, which I like to run in Cloud Shell, will give you an overview within your tenant. Service principals work hand-in-hand with app registrations,
azure Featured Azure Defender: Unusual unauthenticated access to your storage account Investigating Azure Defender Unusual unauthenticated access to your storage account. What is the $web container?
azure Featured Azure Sentinel: Adding Threat Indicators Manually You can either have an automated Cyber Threat Intelligence feed (STIX/TAXII) or your threat indicators can be added manually in the form of IP, Domain, URL, or File hash. Let's run through the manual process.
azure Azure Sentinel: Querying for your Cyber Threat Indicators CTI entries aren't just available to view in the "Threat Intelligence" page - they are stored in the Log Analytics Workspace table "ThreatIntelligenceIndicator". Here you will find the manual submissions, but also any automated feeds from STIX/TAXII.
sentinel Featured General Availability of Azure Sentinel Threat Intelligence in Public and Azure Government cloud
kql KQL Cheatsheet A page full of useful KQL queries when you need to look for some quick ideas Searching // Search all tables and all data for a keyword. This will look across everything. It's very useful, but can be intensive and may even time out. Make sure to squash the time span
mcas Featured Whitelisting your client's IP Range in MCAS How to whitelist corporate IP range in Microsoft Cloud App Security. Ultimately reducing false positives in your SOC.