Ali Alwashali-ng 🚦
@ali_alwashali
Threat Detection and Response.
ID:4679036928
30-12-2015 17:40:47
It’s sometimes hard to distinguish which Azure tenant is responsible for some alerts/notifications sent via email.
I hope the folks at Microsoft Azure add the tenant ID to all email templates.
If you want to play with KQL and use some of your own data rather than sample data, set yourself up a free Azure Data Explorer (ADX) cluster. No credit card or Azure subscription required, 100 GB storage, it is great for testing and ad-hoc analysis - learn.microsoft.com/en-us/azure/da…
Let's meet if you are attending the #FIRSTCTI24 cyber threat intelligence conference in Berlin.
first.org/conference/fir…
Graph activity logs in Azure are crucial to build detections for attacks that use the Graph API.
The most common examples are the discovery techniques used by tools like AzureHound.
I recommend reading Fabian Bader's blogs about this topic:
cloudbrothers.info/detect-threats…
cloudbrothers.info/detect-threats…
This new book has finally arrived. Thanks to No Starch Press as well as Bill Pollock -- [email protected] for making it happen as well as Lee Holmes as my tech reviewer.