User Profile
Kausd
Joined 7 years ago
Recent Discussions
Re: Reconnaissance using Directory Services queries
Not sure if you have read about why SAM-R is used in MDI and ATA. In short, we use it for building a lateral movement path for sensitive accounts that are tagged sensitive or that, because of the nature of the group they are in, have been marked sensitive.
https://docs.microsoft.com/en-us/defender-for-identity/install-step8-samr
https://docs.microsoft.com/en-us/defender-for-identity/use-case-lateral-movement-path
Re: KQL query for AntiVirus policy report
Maddenk You could join the two tables mentioned in the query and get a list of configuration IDs that are related to your environment:

    DeviceTvmSecureConfigurationAssessment
    | where ConfigurationSubcategory == 'Antivirus' and IsApplicable == 1 and IsCompliant == 0 // you can remove this line to get all the configuration Id's and then filter later if needed.
    | join kind=innerunique (
        DeviceTvmSecureConfigurationAssessmentKB
        | project ConfigurationId, ConfigurationName, ConfigurationDescription, RiskDescription, Tags, ConfigurationImpact
    ) on ConfigurationId
    | project DeviceName, OSPlatform, ConfigurationId, ConfigurationName, ConfigurationCategory, ConfigurationSubcategory, ConfigurationDescription, RiskDescription, ConfigurationImpact, Tags

Re: Learning Azure Sentinel
Kausd I forgot to add links:
https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract
https://aka.ms/SecurityWebinars
https://azure.microsoft.com/en-in/pricing/details/azure-sentinel/
Re: Learning Azure Sentinel
Bigpraff2526 It is great to hear that you are looking to be part of the cyber security community. But let me start by answering your question in a different way. What is Sentinel? It's a SIEM and SOAR solution that helps you instantly identify threats which otherwise are individual low-level alerts. So learning Sentinel alone will not help you much; what you need to comprehend is what Sentinel, or for that matter any security solution, is trying to alert you about. Try to visualize an alert: what could be happening in the back end, what could be the reason for it, could it be a false positive, etc.