Recent Blog Articles

Enabling AD FS Security Auditing 📡 and Shipping Event Logs to Microsoft Sentinel 🛡️
Active Directory Federation Service (AD FS) enables Federated Identity and Access Management by securely sharing digital identity and entitlements rights across security and enterprise boundaries. AD...

Automating the deployment of Sysmon for Linux 🐧 and Azure Sentinel in a lab environment 🧪
Today, we celebrate 25 years of Sysinternals, a set of utilities to analyze, troubleshoot and optimize Windows systems and applications. Also, as part of this special anniversary, we are releasing Sy...

Re: Testing the New Version of the Windows Security Events Connector with Azure Sentinel To-Go!
Hello SocInABox, the document actually says to use AMA. Create Deployment Template: We can easily add all those ARM templates to an 'Azure Sentinel & Win10 Workstation' basic template. We ju...

Testing the New Version of the Windows Security Events Connector with Azure Sentinel To-Go!
Last week, on Monday June 14th, 2021, a new version of the Windows Security Events data connector reached public preview. This is the first data connector created leveraging the new generally availab...

Azure Sentinel To-Go! A Linux 🐧 Lab with AUOMS Set Up to Learn About the OMI Vulnerability 💥
In this post, I will show you how to automatically deploy a research lab environment with Azure Sentinel, a few Linux virtual machines and the Microsoft Audit Collection Tool (AUOMS) set up to unders...

Re: Testing the New Version of the Windows Security Events Connector with Azure Sentinel To-Go!
Thank you JamesvandenBerg! I appreciate the feedback 🙂

Azure Sentinel To-Go (Part2): Integrating a Basic Windows Lab 🧪 via ARM Templates 🚀
Most of the time when we think about the basics of a detection research lab, it is an environment with Windows endpoints, audit policies configured, a log shipper, a server to centralize security eve...

Re: Azure Sentinel To-Go (Part1): A Lab w/ Prerecorded Data 😈 & a Custom Logs Pipe via ARM Temp
Hey AndyHerb, thank you very much for the feedback and sharing the additional use cases. Can you provide more details about "Whilst I was able to fake it with a dummy Incident (see KQL below) I was ho...

Re: Azure Sentinel To-Go (Part1): A Lab w/ Prerecorded Data 😈 & a Custom Logs Pipe via ARM Temp
Ahh niceeee! Thank you cesarfong. That works too 🙂 I will make a note of that too. Thank you for sharing.

Re: Azure Sentinel To-Go (Part1): A Lab w/ Prerecorded Data 😈 & a Custom Logs Pipe via ARM Temp
Hey cesarfong! Thank you. Have you tried to build it? https://github.com/edenhill/kafkacat#requirements . Yeah, old versions do not have that flag.