investigation (95 topics)

Microsoft Sentinel & Cyberint Threat Intel Integration Guide
Explore the comprehensive guide "Microsoft Sentinel & Cyberint Threat Intel Integration Guide" to learn how to integrate Cyberint's advanced threat intelligence with Microsoft Sentinel. This detailed resource walks you through the integration process, enabling you to leverage enriched threat data for improved detection and response. Elevate your security posture and ensure robust protection against emerging threats. Read the guide to streamline your threat management and enhance your security capabilities.

Querying WHOIS/Registration Data Access Protocol (RDAP) with Azure Sentinel and Azure Functions
With the rapid increase in domains and top-level domains (TLDs) on the Internet, it is difficult to know just where our users are going. Newly registered domains, domain generation algorithms, and typo-squatting are all tactics used by adversaries to compromise users. By researching the domains our users are accessing and generating alerts on potentially suspicious activity, we can be more aware of the risks and hopefully get ahead of the problem. This blog post covers an example of extending Azure Sentinel with Azure Functions that call the Registration Data Access Protocol (RDAP) to gather information on the domains being accessed in an environment.

Using KQL functions to speed up analysis in Azure Sentinel
Security operations can often be a very repetitive role. As a security analyst, you will often find yourself conducting the same actions and tasks as you work through an investigation. KQL functions in Azure Sentinel provide a way for analysts to build up a collection of investigation tools that they can call upon quickly and simply.