Cloud Security

Jan 27, 2020

Azure Sentinel & Log Analytics Tables

Azure Sentinel is using Azure Log Analytics as the backend for the log storage and querying capabilities through Kusto Query Language (KQL). A wealth of information is available from various log sources and they are stored in Log Analytics “tables”. There are many tables created by default, though not always populated with data and many […]

Read More
Azure Sentinel & Log Analytics Tables
Jan 19, 2020

AWS CloudWatch to Azure Sentinel

While talking about Azure Sentinel with cybersecurity professionals we do get the occasional regretful comment on how Sentinel sounds like a great product but their organization has invested significantly in AWS services so implicitly, Sentinel is out-of-scope of potential security controls for their infrastructure. AWS offers the CloudWatch service that is able to collect performance […]

Read More
AWS CloudWatch to Azure Sentinel
Jul 19, 2019

Mapping of On-Premises Security Controls vs Major Cloud Providers

A mapping at the very high level of on-premises security controls to native cloud services that can be used to replicate their specific role. As the cloud services tend to be more granular and overlapping in functionality, the mapping is at best approximate but it may bring some extra awareness on the options available in […]

Read More
Mapping of On-Premises Security Controls vs Major Cloud Providers
Jul 17, 2019

Azure Security Center Components and Relations with Other Services

One of the most common questions that we are receiving about Azure Sentinel is about its functionality compared with Azure Security Center. The diagram below is an attempt to describe the various components of Azure Security Center, its relation with other Azure services, including Azure Sentinel as well as the interaction with non-Azure services and […]

Read More
Azure Security Center Components and Relations with Other Services
Jun 26, 2019

SIEM: Traditional vs. Cloud

This article reflects the TASK Jun 26, 2019 Presentation: Big changes in SIEMs: A comparison of cloud-born and traditional options Ask any cybersecurity professional to quickly tell what SIEM stands for any most will slightly hesitate before coming up with “Security Information and Events Management”, a rather long name that is just the final result […]

Read More
SIEM: Traditional vs. Cloud
May 30, 2019

Azure Sentinel & Jupyter Notebooks

Before going into additional details about what a Jupyter Notebook is, I would like first to have a visual comparison of the analytical functionality offered by Azure Kusto Query Language queries vs. Jupyter Notebook with Python/msticpy/Kqlmagic. If your analytical requirements are limited to those typical to SIEM platforms that allow query of data, extraction of […]

Read More
Azure Sentinel & Jupyter Notebooks
Page 1 of 2
Back to top
12
Close