Security

Creating custom Azure Sentinel Hunting Queries

Security Labs 2019-03-19 0 Comments

Creating a hunting query by clicking on Hunting and New Query

Add a name, Description and the custom query.

You can test the query to see that you get the result you’re looking for

Use the mapping to map columns to entities recognized by Azure Sentinel

Select tactics for the query

The tactics can be used to filter queries

Happy Hunting!

Detect, Security

Azure, Custom Queries, Hunting, Sentinel, SIEM

CISO Stressbusters: Post #4: 4 tips for running a highly effective security operation 2020-08-04
CISO Stressbusters provides peer to peer guidance and support on how to alleviate stressful situations in the SOC and on the team. The post CISO Stressbusters: Post #4: 4 tips for running a highly effective security operation appeared first on Microsoft Security.
Microsoft Joins Open Source Security Foundation 2020-08-03
We're excited to announce that that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The post Microsoft Joins Open Source Security Foundation appeared first on Microsoft Security.
Inside Microsoft Threat Protection: Solving cross-domain security incidents through the power of correlation analytics 2020-07-29
Through deep correlation logic, Microsoft Threat Protection automatically finds links between related signals across domains. It connects related existing alerts and generates additional alerts where suspicious events that could otherwise be missed can be detected. The post Inside Microsoft Threat Protection: Solving cross-domain security incidents through the power of correlation analytics appeared first on Microsoft […]
Empower your analysts to reduce burnout in your security operations center 2020-07-28
Strategic use of automation and metrics can help you create a continuous learning culture that keeps your team engaged in the work. The post Empower your analysts to reduce burnout in your security operations center appeared first on Microsoft Security.
Guiding principles of our identity strategy: staying ahead of evolving customer needs 2020-07-27
A global pandemic made remote access essential and forced many of professionals to accelerate their digital transformation plans. The post Guiding principles of our identity strategy: staying ahead of evolving customer needs appeared first on Microsoft Security.
Afternoon Cyber Tea: Peak, Plateau, or Plummet? Cyber security trends that are here to stay and how to detect and recover from ransomware attacks 2020-07-23
The rapidity of change in the cyberthreat landscape can be daunting for today’s cyber defense teams. Just as they perfect the ability to block one attack method, adversaries change their approach. The post Afternoon Cyber Tea: Peak, Plateau, or Plummet? Cyber security trends that are here to stay and how to detect and recover from […]
Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection 2020-07-23
Learn how we're using deep learning to build a powerful, high-precision classification model for long sequences of wide-ranging signals occurring at different times. The post Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection appeared first on Microsoft Security.
Preventing data loss and mitigating risk in today’s remote work environment 2020-07-21
New solutions and features—like the new Endpoint Data Loss Prevention—help organizations to protect against data loss and other risks, especially in remote work scenarios. The post Preventing data loss and mitigating risk in today’s remote work environment appeared first on Microsoft Security.
Hello open source security! Managing risk with software composition analysis 2020-07-20
Software composition analysis guides the selection and management of open source components to help you reduce your security risk. The post Hello open source security! Managing risk with software composition analysis appeared first on Microsoft Security.
5 cybersecurity paradigm shifts that will lead to more inclusive digital experiences 2020-07-16
Cybersecurity has proven to be the foundation for digital empathy in a remote workforce. The post 5 cybersecurity paradigm shifts that will lead to more inclusive digital experiences appeared first on Microsoft Security.