SIEM

Jul 25, 2023

Microsoft Sentinel Design - Updated One-Page Diagram

Microsoft Sentinel has introduced a significant number of new features and improvement of existing ones since our last diagram update. Some notable ones are increased incident management options, addition of large number of solutions including data connectors, detection rules and workbooks, content management options such as Workspace Manager, centralized data collection rules via the Azure […]

Read More
Microsoft Sentinel Design - Updated One-Page Diagram
Jul 7, 2021

Threat Detection and Response in EPIC Electronic Medical Record (EMR) Environments

In this blog, we look at using Azure Sentinel and Microsoft XDR technologies to provide effective threat detection and response for EPIC Electronic Medical Record (EMR) environments. CISOs responsible for securing EMR systems have traditionally had a challenging task applying operational monitoring and security controls to these systems for a variety of reasons. Contractual requirements […]

Read More
Threat Detection and Response in EPIC Electronic Medical Record (EMR) Environments
Mar 26, 2021

Azure Sentinel Design Update

Azure Sentinel born-in-the-cloud SIEM was released in preview mode in February 2019 and in full general availability in September 2019, however, it has since advanced in bounds and leaps, doubling the number of data connectors, improving visualizations, incident management and building a rich ecosystem of options for SOAR and data enrichment. Combined with a tight […]

Read More
Azure Sentinel Design Update
Feb 12, 2021

Microsoft Security Stack Coverage

Contact us for full walk-through of this diagram and a review of Microsoft Graph Security integration with the overall Microsoft security stack.

Read More
Microsoft Security Stack Coverage
Nov 29, 2020

Using KQL to Estimate Log Ingestion Volume In Azure Sentinel

Azure Sentinel pricing model is driven by the amount of data ingested for security analytics that is stored in the related Log Analytics workspace. Given the costs of the cloud resources, it is important to be able to estimate future logs space consumption and consider any budget-related implications. Basing the analysis on the past data, […]

Read More
Using KQL to Estimate Log Ingestion Volume In Azure Sentinel
Nov 22, 2020

Microsoft Graph Security Components & API

Microsoft Graph, the Security component was born as a way to represent the threat intelligence information in a form that is closer to the way they attackers approach their targets, as a graph of interconnected systems, with complex relationships between themselves and 3rd party entities. Inside the graph, Microsoft is using their substantial analytical power […]

Read More
Microsoft Graph Security Components & API
Nov 3, 2020

Using Kusto Query Language (KQL) in Azure Sentinel to calculate IIS session times

User sessions are an important aspect of identifying the behavior of web users. In many cases there is a lot of effort on ensuring that a user spends as much time visiting a website as it increase the chance of consuming the services offered by that particular website, be that advertising material, sales, etc. Onboarding […]

Read More
Using Kusto Query Language (KQL) in Azure Sentinel to calculate IIS session times
Oct 22, 2020

Extended Microsoft MDR Service Components

Understanding the components of an extended Microsoft MDR service by Adrian Grigorof, CISSP, CISM, CRISC, CCSK , Marius Mocanu, CISSP, CISM, CEH, SCF October 22, 2020 During our engagements with customers we are always in a situation where we have to explain the differences between various flavors of MDR services and sometimes even the difference […]

Read More
Extended Microsoft MDR Service Components
Oct 12, 2020

Detecting and Mitigating EDoS attacks in Azure Sentinel

Cloud computing is emerging or one would rather say has long time emerged as the panacea for on-demand scalability and elasticity of IT resources and organizations around the world are taking advantage of it at an unprecedented speed. Such scalability comes with a price and cloud resources that are not managed properly can add up […]

Read More
Detecting and Mitigating EDoS attacks in Azure Sentinel
Sep 28, 2020

Microsoft Security Stack Product Rebranding

Microsoft Security Stack Product Rebranding by Adrian Grigorof, CISSP, CISM, CRISC, CCSK , Marius Mocanu, CISSP, CISM, CEH, SCF Last update: September 28, 2020 On September 22nd, 2020, Microsoft announced a rebranding of their threat protection portfolio as well as an emphasis on its tools becoming a components of  an extended detection and response (XDR) […]

Read More
Microsoft Security Stack Product Rebranding
Sep 13, 2020

Azure Sentinel Design

Azure Sentinel born-in-the-cloud SIEM was released in preview mode in February 2019 and in full general availability in September 2019, however, it has since advanced in bounds and leaps, doubling the number of data connectors, improving visualizations, incident management and building a rich ecosystem of options for SOAR and data enrichment. Combined with a tight […]

Read More
Azure Sentinel Design
Aug 16, 2020

Azure Sentinel Data Connectors

On July 21, 2020 Microsoft announced a new set of Azure Sentinel data connectors for some important security solutions providers. This is great news for our Sentinel customers, as the ability to ingest logs from a wide variety of log sources is one of  top requests, along with data optimization (how can I reduce my […]

Read More
Azure Sentinel Data Connectors
Page 1 of 2
Back to top
12
Close