analytics
21 Topics

Detect Network beaconing via Intra-Request time delta patterns in Azure Sentinel
This article discusses the use case of detecting network beaconing via intra-request time delta patterns using KQL (Kusto Query Language) in Azure Sentinel. The technique was originally discussed at the Threat Hunting Project and was also blogged by huntoperator, together with an implementation in the open source network analytics tool flare. Implementing this technique natively in KQL lets defenders quickly apply it across multiple network data sources and easily set up alerts within Azure Sentinel.

Looking for unknown anomalies - what is normal? Time Series analysis & its applications in Security
This article provides a practical outline for using Time Series analysis to surface anomalies in security event log data sources, and for visualizing and alerting on those anomalies for further investigation in Azure Sentinel. We describe the various functions used in compiling the query and how to use those KQL queries either to visualize the output or to transform it into tabular output for configuring alerts on specific anomalies.

What's New: Detecting Apache Log4j vulnerabilities with Microsoft Sentinel
A new Microsoft Sentinel solution has been added to the Content Hub that provides content to monitor, detect and investigate signals related to exploitation of the recently disclosed Log4j vulnerability.

Help Protect your Exchange Environment With Microsoft Sentinel
TL;DR: Sentinel + Exchange Servers or Exchange Online = better protected. New Microsoft Sentinel security solution for Exchange Online and on-premises servers: Microsoft Exchange Security! This content is very useful for any organization concerned with keeping the highest possible security posture and with being alerted in case of suspicious activity on those critical items.

Anomaly detection on the SAP audit log using the Microsoft Sentinel for SAP solution
Organizations that use the Microsoft Sentinel for SAP solution obtain valuable security insights from events in the SAP security audit log, as it contains a trail of many important activities for both standard SAP and customer-enhanced events. The current Sentinel solution encapsulates a variety of out-of-the-box detections and visualizations based on the valuable information in the SAP security audit log. We are proud to announce that the new Microsoft Sentinel for SAP solution is enhanced with a feature designed to detect suspicious events in the SAP security audit log based on deviation from the norm, meaning anomalies, in addition to the deterministic detection patterns previously included with the solution.

Handling ingestion delay in Azure Sentinel scheduled alert rules
At Azure Sentinel we take pride in the ability to ingest data from a variety of sources. However, data ingestion time may vary for different data sources under different circumstances. In this blog post we address the delay challenge: understanding the impact of ingestion delay and how to fix it.

Joint forces - MS Sentinel and the MITRE framework
MITRE ATT&CK is a publicly accessible framework and knowledge base of tactics and techniques that are commonly used by attackers. The MITRE ATT&CK framework is created and maintained by observing real-world scenarios. Many organizations use the MITRE ATT&CK framework to develop specific threat models and methodologies that are used to verify the security status of their environments. In this blog post, we discuss the Microsoft Sentinel integration with the MITRE ATT&CK framework and how it can help you improve your overall security coverage.

Cowrie honeypot and its Integration with Microsoft Sentinel
Honeypot: A honeypot is a security mechanism designed to attract, detect, and analyze malicious activity and attackers by simulating a vulnerable system or network service. The primary purpose of a honeypot is to provide a controlled environment where security professionals can observe and study attack methods, tools, and behaviors without putting actual production systems at risk. Integrating the Cowrie honeypot with Microsoft Sentinel brings several benefits for enhancing cybersecurity operations. Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) service that provides intelligent security analytics and threat intelligence across the enterprise. By combining Cowrie's detailed honeypot data with Sentinel's advanced analytics and automation capabilities, organizations can achieve a more comprehensive and effective security posture. The integration covers analytics rules, threat hunting, automation, workbooks, and custom parsers.

Microsoft Sentinel Solution for SAP® Applications - New data exfiltration detection rules
In August 2022, the Microsoft Sentinel solution for SAP was made generally available (GA). Together with the release of the Microsoft Sentinel Solution for SAP® Applications, new out-of-the-box (OOTB) content has been added. This blog covers five new data exfiltration detection rules included with the Microsoft Sentinel Solution for SAP® Applications (these rules are currently in preview).