Security

Creating custom Azure Sentinel Hunting Queries

Security Labs 2019-03-19 0 Comments

Creating a hunting query by clicking on Hunting and New Query

Add a name, Description and the custom query.

You can test the query to see that you get the result you’re looking for

Use the mapping to map columns to entities recognized by Azure Sentinel

Select tactics for the query

The tactics can be used to filter queries

Happy Hunting!

Detect, Security

Azure, Custom Queries, Hunting, Sentinel, SIEM

Cyberattacks against machine learning systems are more common than you think 2020-10-22
Machine learning (ML) is making incredible transformations in critical areas such as finance, healthcare, and defense, impacting nearly every aspect of our lives. Many businesses, eager to capitalize on advancements in ML, have not scrutinized the security of their ML systems. Today, along with MITRE, and contributions from 11 organizations including IBM, NVIDIA, Bosch, Microsoft… […]
Addressing cybersecurity risk in industrial IoT and OT 2020-10-21
As the industrial Internet of Things (IIoT) and operational technology (OT) continue to evolve and grow, so too, do the responsibilities of the Chief Information Security Officer (CISO). The CISO now needs to mitigate risks from cloud-connected machinery, warehouse systems, and smart devices scattered among hundreds of workstations. Managing those security risks includes the need… […]
CISO Spotlight: How diversity of data (and people) defeats today’s cyber threats 2020-10-20
This year, we have seen five significant security paradigm shifts in our industry. This includes the acknowledgment that the greater the diversity of our data sets, the better the AI and machine learning outcomes. This diversity gives us an advantage over our cyber adversaries and improves our threat intelligence. It allows us to respond swiftly… […]
Announcing the Zero Trust Deployment Center 2020-10-15
Organizations have been digitally transforming at warp speed in response to the way businesses operate and how people work. As a result, digital security teams have been under immense pressure to ensure their environments are resilient and secure. Many have turned to a Zero Trust security model to simplify the security challenges from this transformation and the shift to remote… […]
CISO Stressbusters: 7 tips for weathering the cybersecurity storms 2020-10-15
An essential requirement of being a Chief Information Security Officer (CISO) is stakeholder management. In many organizations, security is still seen as a support function; meaning, any share of the budget you receive may be viewed jealously by other departments. Bringing change to an organization that’s set in its ways can be a challenge (even… […]
Security Unlocked—A new podcast exploring the people and AI that power Microsoft Security solutions 2020-10-14
It’s hard to keep pace with all the changes happening in the world of cybersecurity. Security experts and leaders must continue learning (and unlearning) to stay ahead of the ever-evolving threat landscape. In fact, many of us are in this field because of our desire to continuously challenge ourselves and serve the greater good. So… […]
Becoming resilient by understanding cybersecurity risks: Part 1 2020-10-13
All risks have to be viewed through the lens of the business or organization. While information on cybersecurity risks is plentiful, you can’t prioritize or manage any risk until the impact (and likelihood) to your organization is understood and quantified. This rule of thumb on who should be accountable for risk helps illustrate this relationship:… […]
Advanced protection for web applications in Azure with Radware’s Microsoft Security integration 2020-10-12
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA here. The state of application security Companies face a wide range of security challenges, such as Open Source Foundation for Application Security Project (OWASP) vulnerabilities, advanced BOT threats and the need to manage BOTs, securing APIs, and protecting against… […]
Trickbot disrupted 2020-10-12
Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. Microsoft worked with telecommunications providers around the world to disrupt key Trickbot infrastructure. The post Trickbot disrupted appeared first on Microsoft Security.
Sophisticated new Android malware marks the latest evolution of mobile ransomware 2020-10-08
We found a piece of a particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms. The post Sophisticated new Android malware marks the latest evolution of mobile ransomware appeared first on Microsoft Security.