This alert fires when a message containing phish was delivered due to an ETR (mail flow rule) override. To troubleshoot and resolve it, we have to go into the Exchange mail flow portal and investigate why a mail flow rule could potentially allow phishing emails. In the following scenario we have … Continue reading Phish delivered due to an ETR override – Defender & Sentinel
Category: Azure Sentinel
Azure Sentinel Query—Monitor USB data Exfiltration
This article assumes that you have already configured Sentinel in your environment. Data exfiltration can be caused intentionally or by mistake. Malicious insiders can be considered trusted actors who can cause damage to your organization for their own gain. There are many types of exfiltration (email, sharing links, USB, ...). In … Continue reading Azure Sentinel Query—Monitor USB data Exfiltration
Monitoring and securing logins outside your Country with Conditional Policy & Automate Blocking personal Devices in Azure AD with Sentinel
A common way to protect your Azure & Office 365 tenant and reduce its exposure is a conditional policy that allows logins only from the country of origin. Since there are as many countries as you can guess, attackers or adversaries will also have to guess that country. The idea of this monitoring … Continue reading Monitoring and securing logins outside your Country with Conditional Policy & Automate Blocking personal Devices in Azure AD with Sentinel
Detect and Secure PNP Sessions In Sentinel in your Sharepoint
PNP PowerShell is a .NET Core 3.1 / .NET Framework 4.6.1 based PowerShell module providing over 600 cmdlets that work with Microsoft 365 environments such as SharePoint Online, Microsoft Teams, Microsoft Project, Security & Compliance, Azure Active Directory, and more. Knowing that, what can we do to proactively secure and monitor these changes? Malicious actions … Continue reading Detect and Secure PNP Sessions In Sentinel in your Sharepoint
How to create alerts from Azure sentinel in log analytics
The requirements: experience with Log Analytics and setting up alerts (the guidance assumes you have configured all the requirements); Azure Sentinel integration data sources; Log Analytics workspace linked to Sentinel; Azure Sentinel alert rule; integration in the Analytics workspace of Azure AD, virtual machine logs for analysis. Useful links: https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/ Create the alert rule from analytics in … Continue reading How to create alerts from Azure sentinel in log analytics