User Profile
JasonCohen1892
Joined 5 years ago
Recent Discussions
New Blog Post | Azure Security Center
Azure Defender and Security Center – Ignite 2021 Announcements - Microsoft Tech Community
Author: Gilad Elyashar
We are happy to announce new protections for Windows Server 2019, Windows 10 Virtual Desktop and networking, as well as improved experiences for alerts and reporting.
Security Control: Enable encryption at rest - Microsoft Tech Community
Author: Safeena Begum Lepakshi
This Security Control contains up to 3 recommendations, depending on the resources you have deployed in your environment, and it is worth a maximum of 4 points (6%) towards your overall Secure Score. These recommendations are meant to keep your resources safe and improve your security hygiene, an area where continuous teamwork is required.
New Blog Post | Announcing redirect of compliance solutions from SCC to M365 compliance center
Announcing redirect of compliance solutions from SCC to Microsoft 365 compliance center - Microsoft Tech Community
Over the coming months, we will begin automatically redirecting users from the Office 365 Security & Compliance Center (SCC) to the Microsoft 365 compliance center for the following solutions: Audit, Data Loss Prevention, Information Governance, Records Management, and Supervision (now Communication Compliance). This is a continuation of our migration to the Microsoft 365 compliance center, which began in September 2020 with the redirection of the Advanced eDiscovery solution.
New Blog Post | Compliance joins Microsoft Intelligent Security Association (MISA)
Compliance joins Microsoft Intelligent Security Association (MISA) - Microsoft Security
Author: Rani Lofstrom - Senior Product Marketing Manager, Microsoft Security
For my team, seeing the Microsoft Intelligent Security Association (MISA) grow to 190 partner companies has been a bright spot in a dark year. To date, MISA members have created 215 product integrations, and I’m pleased to announce that our pilot program for adding managed security service providers (MSSPs) has formally transitioned. MISA now includes 39 MSSP members who have created 76 MSSP offers since the beginning of the fiscal year.
New Blog Post | Use Premium Assessments in Microsoft Compliance Manager
Use Premium Assessments in Microsoft Compliance Manager to Meet Your Regulatory Compliance Needs - Microsoft Tech Community
To help organizations simplify compliance and reduce risk, we built Microsoft Compliance Manager, generally available since September 2020. Compliance Manager translates complex regulatory requirements into specific recommended actions and makes them available through premium assessment templates, covering over 300 regulations and standards. By leveraging the universal mapping of actions and controls, premium assessment templates allow customers to comply with several requirements across multiple regulations or standards with one action, providing an efficient solution to manage overlapping compliance requirements. Premium assessment templates, along with built-in workflows and continuous compliance updates, allow organizations to constantly assess, monitor, and improve their compliance posture.
New Blog Post | Announcing Universal Assessment Templates in Microsoft Compliance Manager
Announcing Universal Assessment Templates in Microsoft Compliance Manager - Microsoft Tech Community
Today, we are excited to announce universal assessment templates in Compliance Manager to help customers assess compliance for their non-Microsoft 365 workloads. These templates will be available within Compliance Manager in the coming weeks. Compliance Manager currently provides a comprehensive set of 300+ assessment templates. We are enabling these templates to support a broad set of products or services that customers use, helping them track, manage, and demonstrate compliance across their multi-cloud environment. This capability will allow customers to track their compliance for their multi-cloud deployment from Compliance Manager, removing the need to monitor and consolidate compliance results from multiple tools assessing different products or services. Customers can use these 300+ universal regulatory templates to create multiple assessment instances and map them to different products such as Salesforce or SAP within their environment. Additionally, we are simplifying the experience of adjusting compliance assessments to a customer's specific regulatory requirements, providing visibility into the customer's compliance-by-product. Universal templates will be available alongside Microsoft 365 specific included or premium templates for no additional charge. Read this document for details.
New Blog Post | Compliance Ecosystem Expands with New Connectors and Partners
Compliance Ecosystem Expands with New Connectors and Partners - Microsoft Tech Community
To continue to enable our customers to apply Microsoft Compliance solutions to their entire data landscape, including non-Microsoft systems, we are constantly expanding our Compliance ecosystem. Data connectors are built into our Compliance platform and enable high-fidelity data ingestion. Once data is ingested, it is available for multiple compliance scenarios including Litigation hold, eDiscovery, Retention settings, Records management, Communication compliance, and Insider risk management.
New Blog Post | Azure LoLBins: Protecting against the dual use of virtual machine extensions
Azure LoLBins: Protecting against the dual use of virtual machine extensions - Microsoft Security
Azure Defender for Resource Manager offers unique protection by automatically monitoring the resource management operations in your organization, whether they’re performed through the Azure portal, Azure REST APIs, Azure CLI, or other Azure programmatic clients. In this blog, we will look into the threats that are caused by “Living off the land Binaries” (LoLBins).
Azure Defender for IoT: Defending IT and OT for DoD and Defense Industrial Base from CMMC to JADC2
Azure Defender for IoT: Defending IT and OT for DoD and Defense Industrial Base from CMMC to JADC2 - YouTube
Presenter(s): Joe DiPietro, Chris Cleary, Josh O'Sullivan.
Please join Microsoft, Ardalyst, and a featured defense expert where we will discuss the critical components of a mature cyber defense program from the cradle to the grave of DoD systems. As most DoD warfighting capabilities are born and die in the DIB, we will explore the current art and science of IT and OT cyber defense and its implications from a full lifecycle perspective through a combined government and industry panel. Defending commercial industry and the Defense Industrial Base (DIB) from an Information and Operational Technologies (IT and OT) perspective underpins the challenges we have in a Joint fight. As the Cybersecurity Maturity Model Certification (CMMC) comes online, it parallels the need for the DoD to mature internal cyber defense requirements and the resilient supply chain necessary to support it. During the webinar, we will help you better understand: Why can’t we fix the vulnerabilities in technologies, specifically OT? What is the best way to effectively sensor a system? How do we leverage threat intelligence to understand and adapt against adversaries? How can OT sensors deter adversaries? What is the right workforce to deter, detect, and engage adversaries?
New Blog Post | What’s New: Azure Sentinel Threat Intelligence Workbook
What’s New: Azure Sentinel Threat Intelligence Workbook (microsoft.com)
Customers exploring threat intelligence indicators in their cloud workloads today face challenges understanding, aggregating, and actioning data across multiple sources. Threat intelligence is an advanced cybersecurity discipline requiring detailed knowledge of identifying and responding to an attacker based on observation of indicators in various stages of the attack cycle. Azure Sentinel is a cloud native SIEM solution that allows customers to import threat intelligence data from various places such as paid threat feeds, open-source feeds, and threat intelligence sharing communities. Azure Sentinel supports open-source standards to bring in feeds from Threat Intelligence Platforms (TIPs) across STIX & TAXII. Microsoft has released the next evolution of threat hunting capabilities in the Azure Sentinel Threat Intelligence Workbook.
New Blog Post | MITRE ATT&CK technique coverage with Sysmon for Linux
MITRE ATT&CK technique coverage with Sysmon for Linux - Microsoft Tech Community
In this blog, we will focus in on the Ingress Tool Transfer technique (ID T1105) and highlight a couple of the Sysmon events that can be used to see it. We observe this technique being used against Linux systems and sensor networks regularly, and while we have tools to alert on this activity, it is still a good idea to ensure you have visibility into the host so you can investigate attacks. To look at this technique, we will show how to enable collection of three useful events, what those events look like when they fire, and how they can help you understand what happened. Additionally, we will show what those events look like in Azure Sentinel.
New Blog Post | A Quick Guide on Using Sysmon for Linux in Azure Sentinel
A Quick Guide on Using Sysmon for Linux in Azure Sentinel - Microsoft Tech Community
Today, Linux is one of the fastest growing platforms on Azure. Linux based images form over 60% of Azure Marketplace Images. With Azure's support of common Linux distributions growing every day, the sophistication of cyber-attacks targeting Linux continues to grow. As part of the Sysinternals 25th anniversary, the Sysinternals team released a new Sysmon tool supporting Linux. Sysmon for Linux is an open-source Linux system monitoring tool that helps with providing details on process creations, network connections, file creations and deletions, among other things. Sysmon for Linux is based on an eBPF (Extended Berkeley Packet Filter)-based technology targeted at in-kernel monitoring without making any changes to the kernel source code. By collecting the events it generates using Azure Sentinel and subsequently analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network. Sysmon for Linux can be used to analyze pre-compromise and post-compromise activity, and when correlated with Azure Security Center (ASC)/Azure Defender (AzD) Linux detections this helps detect the end-to-end attacker activity. In this blog post we will be taking a quick look at different log events made available by Sysmon for Linux that defenders can use to gather more information on the alerts triggered in Azure Sentinel.
New Blog Post | Automating the deployment of Sysmon for Linux & Azure Sentinel in a lab environment
Automating the deployment of Sysmon for Linux 🐧 and Azure Sentinel in a lab environment 🧪 - Microsoft Tech Community
Today, we celebrate 25 years of Sysinternals, a set of utilities to analyze, troubleshoot and optimize Windows systems and applications. Also, as part of this special anniversary, we are releasing Sysmon for Linux, an open-source system monitor tool developed to collect security events from Linux environments using eBPF (Extended Berkeley Packet Filter) and send them to Syslog for easy consumption. Sysmon for Linux is built on a library also released today named sysinternalsEBPF, which is built on libbpf and includes a library of eBPF inline functions used as helpers. In this post, we will show you how to automatically deploy a research lab environment with an Azure Sentinel instance and a few Linux virtual machines with Sysmon for Linux already installed and configured, to take it for a drive and explore it.
New Blog Post | Analyzing Endpoints Forensics - Azure Sentinel Connector
Analyzing Endpoints Forensics - Azure Sentinel Connector - Microsoft Tech Community
The field of endpoint forensics seeks to help investigators reconstruct what happened during an endpoint intrusion. Did an attacker break in because of a missing definition, signature, policy, setting or configuration, and if so, how? What havoc did the attacker wreak after breaking in? Tools that help investigators answer these types of questions are still quite primitive and are often hindered by incomplete or incorrect information. The Analyzing Endpoints Forensics - Azure Sentinel Connector can enable more powerful forensic analysis through techniques such as streaming a computer’s EPP (Endpoint Protection) health status, policies, settings, and configuration, in addition to IoT vulnerable assets, data events and vulnerabilities. Device (IT/OT) health state and security configuration policies and settings (Microsoft Defender for Endpoint & Azure Defender for IoT) are critical to SOC teams, helping them address the following use cases:
Identifying onboarded devices and their health status
Activity and security posture for IT/OT assets
Viewing the compliance status of the devices based on the security recommendations
Identifying device vulnerabilities and hence providing a triage-matrix remediation framework
New Blog Post | Azure Sentinel Notebooks Ninja Part 2: Getting Started with Azure Sentinel Notebooks
Azure Sentinel Notebooks Ninja Part 2: Getting Started with Azure Sentinel Notebooks - Microsoft Tech Community
This installment is part of a broader learning series to help you become a Jupyter Notebook ninja in Azure Sentinel. The installments will be bite-sized to enable you to easily digest the new content.
Part 1: What are notebooks and when do you need them?
Part 2: How to get started with notebooks and tour the features – this post
Part 3: Overview of the pre-built notebooks and how to use them
Part 4: How to create your own notebooks from scratch and how to customize the existing ones
New Blog Post | Azure Sentinel Notebooks - Azure cloud support, new visualizations
Azure sovereign clouds, Matrix visualization, Process Tree update in MSTICPy 1.4 (microsoft.com)
The 1.4.2 release of MSTICPy includes three major features/updates:
Support for Azure sovereign clouds for Azure Sentinel, Key Vault, Azure APIs, Azure Resource Graph and Azure Sentinel APIs
A new visualization: the Matrix plot
Significant update to the Process Tree visualization allowing you to use process data from Microsoft Defender for Endpoint, and generic process data from other sources
We have also consolidated our visualizations into a single pandas accessor to make them easier to invoke from any DataFrame.
New Blog Post | Becoming an Azure Sentinel Notebooks ninja - the series!
Azure Sentinel notebook ninja - the series! (microsoft.com)
Welcome to a new series on Azure Sentinel Notebooks! In this post, we want to introduce everyone to the Notebooks feature of Azure Sentinel and provide some basic knowledge that we’ll build on throughout this series. The series will take the following form:
Part 1: What are notebooks and when do you need them? – this post
Part 2: How to get started with notebooks and tour of the features
Part 3: Overview of the pre-built notebooks and how to use them
Part 4: How to create your own notebooks from scratch and how to customize the existing ones
New Blog Post | What's new: Azure Sentinel new onboarding/offboarding API
What's new: Azure Sentinel new onboarding/offboarding API - Microsoft Tech Community
Azure Sentinel is a nested resource on top of a Log Analytics workspace, which introduces some complexity in managing the Azure Sentinel resource on its own. Up until now, onboarding to Azure Sentinel required performing multiple API calls to multiple endpoints. When done through the UI, the complexity is hidden from the end user, but for API users this created complexity. To overcome this, we introduce a dedicated endpoint called “OnboardingStates”. This endpoint allows managing the Azure Sentinel instance seamlessly on a workspace through the API. The endpoint provides a single source of truth for performing the different operations required for a complete creation/deletion (aka onboarding/offboarding) of Azure Sentinel on a workspace.
New Survey | Azure Sentinel Training Sessions- SIGN UP!
Jupyter Notebooks is a powerful tool and an integral part of Azure Sentinel's toolkit. Many customers have expressed interest in more training, so they can better understand the tool and apply it to improve their SOC workflows. We are looking to better understand your needs and experience with notebooks, and how you would like to apply notebooks to accelerate and augment your threat hunting and investigation. Please sign up for the training sessions by filling in this short, 5-minute survey: https://forms.office.com/r/6er1VFESLf
New Blog Post | What's new: Incident advanced search is now public!
What's new: Incident advanced search is now public! - Microsoft Tech Community
By default, incident searches run across the Incident ID, Title, Tags, Owner, and Product name values only. Now, with the new Advanced search pane, you can scroll down the list to select one or more other parameters to search on.