Playbooks can now also run on a selected entity (for example, a specific threat actor). Combining automated response with on-demand actions increases productivity: full automation is the best solution for as many incident-handling, investigation, and mitigation tasks as you're comfortable automating.
Truly fascinating. Thank you for taking the time to explain what, how, and everything in between. So many forget about the smaller audience, like myself, who are learning (but soaking it up like a sponge). Many thanks.
Very insightful article about the cyber maturity Microsoft is running behind the scenes. It raises good awareness of the importance of monitoring tools on all web services that run public to the world. It also highlights the importance of governance throughout public services' lifetimes. It would be g...
@Matt_Lowe Is it possible to use this to prevent certain logs from being ingested? XPath for DCR is not customizable enough for us to drop certain logs. We are currently trying to drop certain WindowsEvent table logs (Windows Event Forwarding). This certain event is very noisy and has no value. We c...
Hello, very helpful blog, thank you. I have a question though: is this way of automation recommended rather than using playbooks/logic apps to trigger the notebooks I need, in the context of the SOAR capabilities of Sentinel? Like, is it better? If so, how?