Securing On-Premises AD with Azure Sentinel

Introduction: The majority of organizations are operating in a hybrid state, which means that a lot of organizations still have to deal with their On-Premises Active Directory environment. Active Directory exists for more than a decade, but it hasn’t always been secured properly. Multiple changes are configured everyday, and it’s hard to find out, whichContinue reading “Securing On-Premises AD with Azure Sentinel”

Hunting TTPs with Azure Sentinel

Introduction: Azure Sentinel is a cloud native SIEM solution that leverages, the power of Artificial Intelligence to analyze large data volumes at scale. It provides a lot of capabilities and it’s a solution that I highly can recommend to both SOC Analysts and Threat Hunters. Today in my blog post. I’m going to describe aContinue reading “Hunting TTPs with Azure Sentinel”

Kusto Query Internals – Azure Sentinel Reference

Folks, Since a lot of people are into Azure Sentinel. I’ve decided to share a documentation that walks you through the different steps to understand the basic concepts of Kusto Query Language (KQL). KQL is the core fundamentals in Azure Sentinel to search and analyze data. This is also why it’s worth to understand howContinue reading “Kusto Query Internals – Azure Sentinel Reference”

Mitigate RDP attacks on Azure VM’s with Just-in-Time Access

Introduction There are organizations who have migrated some of their on-premise machines to the Cloud of Azure, because it can reduce the workload. What’s great about this is the fact, that you don’t need to maintain all the physical hardware anymore. However it’s becomes a shared responsibility, when you have resources running in Azure. ThisContinue reading “Mitigate RDP attacks on Azure VM’s with Just-in-Time Access”