Azure workbook for cybersecurity patrol


Hello, I was wondering if anyone had any queries that would help for a patrol that I am creating. Basically, what I am using it for is a workbook for my company to have a quick glance at certain IOCs that could arise, such as login failures, suspicious behavior, any use of bad apps like torrent, connection failures, and anything else you would recommend. Specifically, anything related to an IOC would be useful.

I am creating two workbooks for certain users and one for the whole company. So I need to be able to use the query for both all customers and specific ones.

I would greatly appreciate the help, thank you.

2 Replies

@Tythadius

Maybe start with these 3 workbooks + Azure Activity

Also look at Investigation Insights, which has an IOC lookup (toggle "entity")

@Clive_Watson

Thank you so much. I will definitely use this in the future.