detection

Azure Sentinel To-Go (Part 1): A Lab w/ Prerecorded Data 😈 & a Custom Logs Pipe via ARM Templates 🚀
In this post, I show you how to use ARM templates to deploy an Azure Sentinel solution and ingest pre-recorded datasets via a Python script, Azure Event Hubs and a Logstash pipeline.

Protect your organizations against QR code phishing with Defender for Office 365
QR code phishing campaigns have recently become the fastest-growing type of email-based attack. These attacks embed QR code images linked to malicious content directly into the email body to evade detection. They often entice unwitting users with seemingly genuine prompts, like a password reset or a two-factor authentication request. Microsoft Defender for Office 365 is continuously adapting as threat actors evolve their methodologies. In this blog post we'll share more details on how we're helping defenders address this threat and keeping end users safe.

Microsoft Sentinel API 101
Our Sentinel Management API just went GA! In this blog post we give you the 101 on the different APIs you can use to interact with Microsoft Sentinel. We'll look at how you can use them, when you should use them, what tools you can use to interact with them and how to authenticate to them.

What's New: Azure Sentinel Threat Hunting Enhancements
We are delighted to introduce a set of enhancements that greatly improve the analyst experience with Azure Sentinel's hunting capabilities by better tying them together, as well as by providing documentation and training on how to make the most of these existing capabilities.

Monitoring Windows Virtual Desktop environments (Fall 2019 release) with Microsoft Sentinel
In order to enable remote work, some organizations have had to make rapid and sweeping changes to their endpoints. Windows Virtual Desktop (WVD) has enabled our customers to quickly provision Windows 10 virtual desktops so that people who have traditionally not been remote workers can access a virtualized work desktop from home. However, these new endpoints also need to be monitored to maintain an organization's security posture, so in this blog we will explore how you can use Microsoft Sentinel to monitor your WVD environment.

Azure Sentinel correlation rules: Active Lists out; make_list() in, the AAD/AWS correlation example
Writing alert rules using KQL is powerful but does not have to be complicated. A good example would be rules that in traditional SIEMs use Active Lists. In this blog post, I will describe how to avoid Active Lists entirely using Sentinel query-based rules.

Joint forces - MS Sentinel and the MITRE framework
MITRE ATT&CK is a publicly accessible framework and knowledge base of tactics and techniques that are commonly used by attackers. The MITRE ATT&CK framework is created and maintained by observing real-world scenarios. Many organizations use the MITRE ATT&CK framework to develop specific threat models and methodologies that are used to verify security status in their environments. In this blog post, we discuss the Microsoft Sentinel integration with the MITRE ATT&CK framework, and how it can help you improve your overall security coverage.