Tythadius
Copper Contributor
Jul 10, 2022

Azure workbook for cybersecurity patrol

Hello, I was wondering if anyone had any queries that would help for a patrol that I am creating? Basically, what I am using it for is a workbook for my company to have a quick glance at certain IOCs that could arise, such as login failures, suspicious behavior, any use of bad apps like torrent, connection failures, and anything else you would recommend. Specifically, anything related to an IOC that would be useful.

I am creating two workbooks for certain users and one for the whole company. So I need to be able to use the query for both all customers and specific ones.

I would greatly appreciate the help, thank you.

2 Replies

  • Clive_Watson
    Bronze Contributor

    Tythadius

     

    Maybe start with these 3 workbooks + Azure Activity

    Also look at Investigation Insights, which has an IOC lookup (toggle "entity")