Threat Hunting with Azure Sentinel

Traditionally, threat hunting has been a manual process in which security team members proactively search and analyze various data sources to detect and isolate potential threats. Azure Sentinel provides powerful search and query tools to proactively hunt for security threats across an organization's data sources, helping you look for new anomalies that weren't detected by …

Getting Started with Azure Sentinel: Part 2

In my previous blog post, I covered getting started with Azure Sentinel, including how to configure and connect it to a data source. This week I want to talk about the Kusto Query Language (KQL), Azure Workbooks and Playbooks. Let's get started with KQL. Kusto Query Language The Kusto Query Language (KQL) is a read-only …

Getting started with Azure Sentinel: Part 1

Security is critical for organizations of all sizes, and being able to have visibility across all systems, devices and applications is becoming more important every day. Azure Sentinel provides a single solution for threat detection, alerting, security analytics and response management across devices, applications and other cloud providers. How Does Azure Sentinel work? Azure Sentinel collects …

Creating a Custom Virtual Machine Image in Azure

Recently I needed to create a custom virtual machine (VM) image in Azure. The Azure Marketplace offers many different templates for operating system (OS) deployments, but there are situations where you may want to create your own custom image with specific changes to the OS or VM. In this blog post, I will demonstrate …