CYBER #ART (MICROSOFT SENTINEL) BLOG


Azure: Can you GA? TryHackMe Challenge Walkthrough
This article is a walkthrough for Azure: Can you GA. This challenge is part of the Defending Azure learning path on TryHackMe.
Apr 22 · 7 min read

Directory Traversal Detected Analytic Rule
High Level Overview: A directory traversal attack (also called path traversal) is a type of web attack where an attacker tries to...
Feb 15 · 7 min read

Potential Lateral Movement via RDP Detected
High Level Overview: Quick Deploy: Description: This query detects potential lateral movement within a network by identifying when an...
Jan 11 · 8 min read

Microsoft Sentinel Cost-Efficient Ingestion with DCR Transformations: Streamlining Syslog Data
Overview: Data Collection Rules are standard configuration files that are usually leveraged by the Azure Monitor Agent. This tells Azure...
Jan 2 · 8 min read

Ingest Open Source Indicators of Compromise - Threat Intel
In this blog post, I show how to ingest open source TI feeds by leveraging Azure Logic Apps and the Microsoft Sentinel REST API.
May 5, 2024 · 6 min read

Detect Failed Logins on Windows and leverage Watchlist and Automation using Microsoft Sentinel
This article will explain how to trigger alerts and incidents for failed logins on Windows machines.
Jan 20, 2024 · 3 min read

Kusto Detective - SANS Holiday 2023
Walkthrough for the Kusto Detective SANS Holiday 2023 challenge
Jan 14, 2024 · 4 min read

KQL to find Geo Details and Threat Score
Look up threat intelligence and geo-details for an IP address
Jan 7, 2024 · 4 min read

Detect failed logins on a Linux Machine in Azure using Microsoft Sentinel
This article will explain how to generate alerts and incidents for failed logins on Linux machines. This can be particularly useful to the S
Jan 5, 2024 · 3 min read