Jul 10 2022 01:20 AM
Hello, I was wondering if anyone had any queries that would help for a patrol that I am creating? Basically, what I am using it for is a workbook for my company to have a quick glance at certain IOCs that could arise, such as login failures, suspicious behavior, any use of bad apps like torrent, connection failures, and anything else you would recommend. Specifically, anything related to an IOC that would be useful.
I am creating two workbooks for certain users and one for the whole company. So I need to be able to use the query for both all customers and specific ones.
I would greatly appreciate the help, thank you.
Jul 11 2022 05:55 AM
Maybe start with these 3 workbooks + Azure Activity
Also look at Investigation Insights, which has an IOC lookup (toggle "entity")
Jul 28 2022 08:04 PM