Cloud Security

Oct 4, 2024

Sentinel Phantom Fields: Understanding and Managing Inaccessible Data

Microsoft has transitioned to a DCR-based log ingestion and manual schema management for tables. Many organizations are adopting this modern approach to parse, filter, and enrich logs during ingestion. While effective, this system can incur unnecessary expenses if not used properly, leading to billable fields that remain inaccessible when querying events. We refer to these […]

May 23, 2024

Microsoft Copilot for Security Design

We’re excited to continue our series of succinct visual guides with the release of our one-page diagram for Microsoft’s Copilot for Security – poised to revolutionize how Security Operations Center (SOC) analysts handle and analyze security events. With the ability to interpret complex, interrelated security events, generate sharp KQL scripts, integrate enrichments from both Microsoft […]

Mar 13, 2024

Defender for Cloud and Defender XDR Connectors in Sentinel

Over the past few weeks, Microsoft Defender for Cloud has received multiple updates. Microsoft has introduced a new tenant-level Defender for Cloud connector, replacing the old subscription-level one. Additionally, they have implemented new functionality that allows detections from Defender for Cloud to be integrated into Defender XDR, along with detections from other Defender solutions. There are […]

Sep 18, 2023

From Noise to Action: Analyzing Activity Alerts and Preventing Genuine Threats with Defender for Cloud Apps

If you have worked in a SOC, you know that during an analysis, correlating sessions to identify malicious activity or compromise is necessary, yet hard or impossible to perform based on the logs available from activity-based alerts in Defender for Cloud Apps. In this blog post, we will go over the following topics: What are the […]

Jul 13, 2021

Mapping of On-Premises Security Controls Versus Services Offered by Major Cloud Providers

We are happy to publish the fifth version of a diagram that started in March 2017 with just AWS and Azure versus On-Premises. The diagram began as an effort to translate between the typical on-premises security controls, which everybody more or less knows the purpose of, and the various services advertised by major […]

Mar 26, 2021

Azure Sentinel Design Update

Azure Sentinel, a born-in-the-cloud SIEM, was released in preview mode in February 2019 and reached general availability in September 2019; since then it has advanced by leaps and bounds, doubling the number of data connectors, improving visualizations and incident management, and building a rich ecosystem of options for SOAR and data enrichment. Combined with a tight […]

Sep 28, 2020

Microsoft Security Stack Product Rebranding

Microsoft Security Stack Product Rebranding, by Adrian Grigorof, CISSP, CISM, CRISC, CCSK, and Marius Mocanu, CISSP, CISM, CEH, SCF. Last update: September 28, 2020. On September 22nd, 2020, Microsoft announced a rebranding of their threat protection portfolio, as well as an emphasis on its tools becoming components of an extended detection and response (XDR) […]

Sep 13, 2020

Azure Sentinel Design

Azure Sentinel, a born-in-the-cloud SIEM, was released in preview mode in February 2019 and reached general availability in September 2019; since then it has advanced by leaps and bounds, doubling the number of data connectors, improving visualizations and incident management, and building a rich ecosystem of options for SOAR and data enrichment. Combined with a tight […]

Aug 16, 2020

Azure Sentinel Data Connectors

On July 21, 2020, Microsoft announced a new set of Azure Sentinel data connectors for some important security solution providers. This is great news for our Sentinel customers, as the ability to ingest logs from a wide variety of log sources is one of the top requests, along with data optimization (how can I reduce my […]

May 10, 2020

Azure Sentinel Incidents & KPI Dashboards

Since its release in preview mode in February 2019, Azure Sentinel has provided the Incidents blade in its portal as a platform to monitor and manage the situation when the configured use cases (alerts) are triggered. As the product evolved by leaps and bounds, the Incidents feature has become more mature and now, combined with […]

May 3, 2020

Microsoft Cloud App Security Design

Microsoft Cloud App Security (MCAS) was rated the number 1 leader among CASB products in Gartner’s 2019 Magic Quadrant. As part of Microsoft’s cloud security stack, it provides full integration with other M365 security products, such as ATP, Security Center, Defender ATP and Azure Sentinel. It provides deep visibility into and control of SaaS-related […]

Mar 27, 2020

Azure Sentinel COVID-19 Alerts and IoCs

While the world is struggling to contain the devastating effects of the COVID-19 virus, an increasing number of malicious actors are attempting to take advantage of it, attacking organizations by exploiting the desire for information about the virus. At Managed Sentinel, we decided to create and maintain a list of IoCs (IP addresses, domains, […]

Page 1 of 2