Monitor RDP Brute Force Attack with Azure Sentinel & Azure Security Center
In recent years, there has been a large increase in cybercriminals attempting attacks that exploit login credentials. With the current work-from-home scenario, more attacks against the RDP protocol are visible. At the moment one of the most...
Review service principals with Azure AD Access Reviews and monitor with Azure Sentinel
A new feature in public preview is the Azure AD access review functionality. With the new Azure AD access reviews function, it is possible to review service principals in the Azure environment. With the growing trend of cloud services and...
Monitor Azure AD break-glass accounts with Microsoft Sentinel
Conditional Access configuration for Azure AD accounts is important. With Conditional Access you can easily protect accounts, block outdated protocols and create more security cases to protect corporate data. An important part of Conditional Access is the usage of break-glass accounts....
Integrate Azure Sentinel with Microsoft Teams for seamless collaboration
Working from home has become the new normal in most work environments. With the increase in working from home, the security impact has also changed. During security incidents, most of the collaboration will be done with chat, email, or video,...
Use Microsoft technology for the detection and prevention of the SolarWinds chain attack
SolarWinds has revealed how monitoring products it released earlier this year may have been tampered with in a supply chain attack. This blog post gives an overview of the detection methods and IOCs available for the detection and prevention of the...
Collect Microsoft Teams activity in Azure Sentinel and start hunting
Azure Sentinel is a cloud-native security information and event management (SIEM) platform. Sentinel uses AI to analyze large volumes of data. Azure Sentinel is developed based on existing Azure services. Log Analytics and Logic Apps are part of the foundation. ...
Insight into brute-force & password spray attacks via Azure Sentinel
Azure Sentinel is a cloud-native Security Information and Event Management solution, also known as a SIEM solution. Azure Sentinel is developed cloud-native on the scalable Azure platform and makes use of several existing Azure services. In this blog, an explanation of the...
Azure Sentinel: What can you do with Microsoft's new security solution?
Azure Sentinel is one of Microsoft's newest security products. But what exactly is the purpose of Azure Sentinel within the Microsoft environment? We explore this further in this article. Let's start with the basics...