User Profile
emmanuelnguyen
Copper Contributor
Joined 5 years ago
Recent Discussions
Golden Ticket Event from Azure ATP, going to Azure Sentinel
Hi, I have connected Azure Sentinel with Azure ATP (preview). For test purposes, I did a golden ticket attack on my test environment, to see if this attack can be seen in Azure Sentinel. The event "Suspected Golden Ticket usage", ID 2027, was successfully displayed in the Azure ATP Portal, but this event isn't in my Azure Sentinel. However, when I used the PsExec tool, the event "Remote code execution attempt", ID 2019, was successfully displayed in the Azure ATP Portal AND Azure Sentinel. So I don't think that my problem is the configuration of the data connector between Azure Sentinel and Azure ATP. Is there a reason for this event not to be displayed in Sentinel? I have provided some screenshots just in case.
2.3K Views, 0 likes, 1 Comment

Investigation Graph through the Hunting Blade?
Hi all, Is there a way to use the investigation graph through the hunting queries? I have created a hunting query to find when users are assigned Azure AD roles outside of PIM, with the associated entities (account, IpAddress). Can I investigate with the graph directly or do I have to create an analytic rule each time? Kind regards, Emmanuel NGUYEN
1.1K Views, 0 likes, 4 Comments

Re: Comment/Uncomment multiple lines
Rod_Trent, I agree with you that two slashes "//" are a good and fast way to comment one line. But I think it's too bad that there isn't a way to comment a block/multiple lines with only one shortcut, rather than typing "//" at each line. What is weird is that in the command palette, as GaryBushey said, there is a command for that, "Toggle Block Comment" --> "Shift+Alt+A", but it's not working in my environment. And it seems that I'm not the only one. Thank you for the recommendation about AutoHotkey, although I'm not certain that it will allow me to do this precise operation.
36K Views, 0 likes, 1 Comment