Security

Creating custom Azure Sentinel Hunting Queries

Security Labs 2019-03-19 0 Comments

Creating a hunting query by clicking on Hunting and New Query

Add a name, Description and the custom query.

You can test the query to see that you get the result you’re looking for

Use the mapping to map columns to entities recognized by Azure Sentinel

Select tactics for the query

The tactics can be used to filter queries

Happy Hunting!

Detect, Security

Azure, Custom Queries, Hunting, Sentinel, SIEM

Managing cybersecurity like a business risk: Part 1—Modeling opportunities and threats 2020-05-28
We often talk about risks only in term.s of potential loss, but most risks have the potential for gain too. To manage cybersecurity as a business risk, we need to better understand the opportunities and risks of key business drivers The post Managing cybersecurity like a business risk: Part 1—Modeling opportunities and threats appeared first […]
4 identity partnerships to help drive better security 2020-05-28
Microsoft identity engineering has expanded product partnerships to help customers transform digitally with Azure AD-integrated solutions. The post 4 identity partnerships to help drive better security appeared first on Microsoft Security.
Zero Trust Deployment Guide for devices 2020-05-26
Guidance on how to make your endpoints one of the strongest. The post Zero Trust Deployment Guide for devices appeared first on Microsoft Security.
Zero Trust and its role in securing the new normal 2020-05-26
As secure remote work becomes the new normal, Microsoft security and Zscaler provide guidance on enabling Zero Trust starting with secure access. The post Zero Trust and its role in securing the new normal appeared first on Microsoft Security.
Build support for open source in your organization 2020-05-21
5 questions that will help you select open source software and 4 recommendations to smooth the internal approval process. Advice from the RSA 2020 panel discussion, Open Source: Promise, Perils and the Path Ahead. The post Build support for open source in your organization appeared first on Microsoft Security.
Success in security: reining in entropy 2020-05-20
Your network is unique. It’s a living, breathing system evolving over time. The applications and users performing these actions are all unique parts of the system, adding degrees of disorder and entropy to your operating environment. The post Success in security: reining in entropy appeared first on Microsoft Security.
Cybersecurity best practices to implement highly secured devices 2020-05-20
If an internet-connected device performs a non-critical function, why does it need to be highly secured? Because any device can be the target of a hacker, and any hacked device can be weaponized. The post Cybersecurity best practices to implement highly secured devices appeared first on Microsoft Security.
Microsoft Build brings new innovations and capabilities to keep developers and customers secure 2020-05-19
As part of this week’s Build virtual event, we’re introducing new Identity innovation to help foster a secure and trustworthy app ecosystem, as well as announcing a number of new capabilities in Azure to help secure customers. The post Microsoft Build brings new innovations and capabilities to keep developers and customers secure appeared first on […]
Operational resilience in a remote work world 2020-05-18
Cybersecurity provides the underpinning to operationally resiliency as more organizations adapt to enabling secure remote work options, whether in the short or long term. The post Operational resilience in a remote work world appeared first on Microsoft Security.
Open-sourcing new COVID-19 threat intelligence 2020-05-14
While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cyber-criminals using COVID-19 as a lure to mount attacks. The post Open-sourcing new COVID-19 threat intelligence appeared first on Microsoft Security.