Azure Sentinel ‘Brute Force RDP Attack’

This blog post is about a real-world use case in which we will explain almost all Azure Sentinel functions. Because we want this blog to contain real-world data that every reader can reproduce, we start with the setup of our honeypot (a honeypot is a system intended to mimic a target of cyberattacks so that unauthorized access can be detected) …

Brute force vs. Password Spray attack in Azure Sentinel

The purpose of this blog is to explain the difference between ‘brute force’ and ‘password spray’ attacks using real-world data and visualization via the Azure Sentinel Logs (e.g., Hunting) and Workbooks features. Brute force attack: a brute force password attack uses multiple passwords (automated via a password file, for example) against one user account. …
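The distinction the post draws (many passwords against one account versus one password tried across many accounts) is exactly what a Sentinel hunting query summarises per source address and time window. The example below is added here and is not code from the original post or from InSpark: it reproduces that summarisation in Python over a constructed set of Windows Security 4625 (failed logon) records reduced to the `TimeGenerated`, `Account` and `IpAddress` columns of the SecurityEvent table, and labels each source address per 10-minute bin. The source addresses, the window size and the thresholds (`min_failures`, `max_tries_per_account`) are illustrative assumptions, not values from the post.

```python
"""Label failed-logon sources as brute force or password spray.

Added example, not part of the original post. Mirrors a KQL
`summarize count(), dcount(Account) by IpAddress, bin(TimeGenerated, 10m)`
followed by a classification of the resulting shape.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of 4625 events; addresses are from the RFC 5737
# documentation ranges, so nothing here refers to a real host.
_T0 = datetime(2019, 5, 20, 14, 0, 0)


def _ev(minutes, account, ip):
    return {"TimeGenerated": _T0 + timedelta(minutes=minutes),
            "Account": account, "IpAddress": ip, "EventID": 4625}


SAMPLE_EVENTS = (
    # one account, many passwords: brute force from 203.0.113.10
    [_ev(m, "administrator", "203.0.113.10") for m in range(8)]
    # many accounts, one attempt each: password spray from 198.51.100.7
    + [_ev(m, acct, "198.51.100.7")
       for m, acct in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    # a user who mistyped twice: stays below the alert threshold
    + [_ev(3, "bob", "192.0.2.5"), _ev(4, "bob", "192.0.2.5")]
)


def bin_start(ts, window):
    """Floor a timestamp to the start of its window, like KQL bin()."""
    return ts - ((ts - datetime.min) % window)


def classify_failed_logons(events, window=timedelta(minutes=10),
                           min_failures=5, max_tries_per_account=2):
    """Group 4625 events per (IpAddress, window) and label the pattern.

    brute_force     : >= min_failures, all against a single account
    password_spray  : >= min_failures spread over accounts, at most
                      max_tries_per_account attempts per account on average
    mixed           : >= min_failures but neither shape cleanly
    below_threshold : fewer than min_failures failures in the window
    Thresholds are illustrative assumptions.
    """
    groups = defaultdict(list)
    for e in events:
        if e.get("EventID") != 4625:      # only failed logons count
            continue
        key = (e["IpAddress"], bin_start(e["TimeGenerated"], window))
        groups[key].append(e["Account"])

    summary = {}
    for key, accounts in groups.items():
        failures = len(accounts)
        distinct = len(set(accounts))
        if failures < min_failures:
            pattern = "below_threshold"
        elif distinct == 1:
            pattern = "brute_force"
        elif failures / distinct <= max_tries_per_account:
            pattern = "password_spray"
        else:
            pattern = "mixed"
        summary[key] = {"failures": failures,
                        "distinct_accounts": distinct,
                        "pattern": pattern}
    return summary


def patterns_for_ip(summary, ip):
    """Set of patterns observed for one source address across all windows."""
    return {v["pattern"] for (src, _), v in summary.items() if src == ip}


if __name__ == "__main__":
    for (ip, start), row in sorted(classify_failed_logons(SAMPLE_EVENTS).items()):
        print(f"{ip:15} {start:%H:%M} failures={row['failures']:2} "
              f"accounts={row['distinct_accounts']:2} {row['pattern']}")
```

The ratio test is what separates the two shapes in practice: a spray run produces a distinct-account count close to the failure count, while a brute force run collapses to one account no matter how many failures it generates. Tune the window and thresholds to your own baseline; the values above only serve the constructed sample.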

Azure Sentinel: Using third party connectors

Azure Sentinel: taking security to the next level

Just before the RSA 2019 conference, Microsoft announced a new cloud-native SIEM solution called Azure Sentinel. Sentinel is meant to be the extra pair of eyes that keeps your enterprise even more secure than before. Threats are more prevalent than ever, because more and more companies are moving to the cloud. Therefore, attackers have more …

Using Azure Sentinel for daily Security Operations

At InSpark, we use Azure Sentinel (Microsoft’s cloud Security Information & Event Management (SIEM) solution) to help keep our customers safe. Azure Sentinel is a relatively new Microsoft tool. In this article, we elaborate on its functionality and illustrate it with real-world examples from our cloud-native Security Operations Center (SOC). In our SOC, we …

MISP threat intelligence in Azure Sentinel & MDATP ‘IoC’ feature

This blog is about integrating MISP² threat intelligence in Azure Sentinel¹ and Microsoft Defender ATP³ to search for IoCs (Indicators of Compromise, e.g. IP addresses, domain names, hashes, etc.) in all connected log sources (data collections), in order to detect the presence of threats and automate the response (block). ¹ Microsoft Azure Sentinel is the cloud-native SIEM solution from Microsoft, which …
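The matching step the excerpt describes (take indicators from MISP, look for them across every connected table, then feed the hits into a block action) is easy to get subtly wrong on normalisation: DNS logs carry trailing dots, hashes arrive in mixed case, and each table keeps its indicator in a differently named column. The example below is added here and is not code from the original post, from InSpark or from MISP: it builds an indicator index from a constructed list shaped like MISP attributes (`type`/`value` pairs using the real MISP type names `ip-dst`, `domain`, `sha256`), normalises both sides, matches against constructed records from three Sentinel-style tables, and derives a block list from the hits. The table and column names in `COLUMN_KINDS` and the sample values are assumptions for illustration.

```python
"""Match MISP-style indicators against log records and derive a block list.

Added example, not part of the original post. The attribute and event
samples are constructed; values use documentation ranges and reserved names.
"""
import ipaddress

# Constructed sample shaped like MISP attributes (type/value pairs).
MISP_ATTRIBUTES = [
    {"type": "ip-dst", "value": "203.0.113.77"},
    {"type": "domain", "value": "Malicious.Example.NET"},
    {"type": "sha256",
     "value": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"},
]

# Constructed records from three tables; column names are assumptions
# chosen to resemble Sentinel tables, not a guarantee of their schema.
EVENTS = [
    {"table": "DnsEvents", "Computer": "ws01", "Name": "malicious.example.net."},
    {"table": "CommonSecurityLog", "Computer": "fw01", "DestinationIP": "203.0.113.77"},
    {"table": "DeviceFileEvents", "Computer": "ws02",
     "SHA256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"table": "DnsEvents", "Computer": "ws03", "Name": "benign.example.org"},
]

# Which column of which table carries which kind of indicator (assumption).
COLUMN_KINDS = {
    ("DnsEvents", "Name"): "domain",
    ("CommonSecurityLog", "DestinationIP"): "ip",
    ("DeviceFileEvents", "SHA256"): "hash",
}

# MISP attribute types mapped onto the three indicator kinds used here.
MISP_TYPE_KINDS = {"ip-dst": "ip", "ip-src": "ip",
                   "domain": "domain", "hostname": "domain",
                   "md5": "hash", "sha1": "hash", "sha256": "hash"}


def normalize(kind, value):
    """Canonical form per kind so feed and log values compare equal.

    Returns None for values that cannot be normalised (e.g. a non-IP string).
    """
    value = value.strip()
    if kind == "ip":
        try:
            return str(ipaddress.ip_address(value))   # also canonicalises IPv6
        except ValueError:
            return None
    if kind == "domain":
        return value.lower().rstrip(".")              # DNS logs add a trailing dot
    if kind == "hash":
        return value.lower()
    return None


def build_indicator_index(attributes):
    """kind -> {normalised value -> original MISP attribute}."""
    index = {"ip": {}, "domain": {}, "hash": {}}
    for attr in attributes:
        kind = MISP_TYPE_KINDS.get(attr["type"])
        if kind is None:
            continue                                   # type not handled here
        norm = normalize(kind, attr["value"])
        if norm is not None:
            index[kind][norm] = attr
    return index


def match_events(events, index):
    """Return one hit per (event, column) whose value is a known indicator."""
    hits = []
    for ev in events:
        for (table, column), kind in COLUMN_KINDS.items():
            if ev.get("table") != table or column not in ev:
                continue
            norm = normalize(kind, ev[column])
            if norm in index[kind]:
                hits.append({"table": table, "Computer": ev["Computer"],
                             "kind": kind, "value": norm,
                             "attribute": index[kind][norm]})
    return hits


def block_list(hits):
    """Derive the automated response: network indicators to block, hashes to ban."""
    out = {"ip": set(), "domain": set(), "hash": set()}
    for h in hits:
        out[h["kind"]].add(h["value"])
    return out


if __name__ == "__main__":
    found = match_events(EVENTS, build_indicator_index(MISP_ATTRIBUTES))
    for h in found:
        print(f"{h['table']:18} {h['Computer']:5} {h['kind']:6} {h['value']}")
    print("block:", block_list(found))
```

Normalising on both sides before the comparison is the part worth copying: the feed value `Malicious.Example.NET` and the log value `malicious.example.net.` only meet because both are lower-cased and stripped of the trailing dot, and the upper-case SHA-256 from the feed only matches the lower-case hash in the file event for the same reason.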

RSA 2019: The newest Microsoft Azure Security Features

In the week of 4 to 8 March I was in San Francisco for the RSA Conference 2019. This year the event was themed ‘BETTER’, emphasizing that it is better to work together and so strengthen each other. Microsoft, for example, has the “Microsoft Intelligent Security Graph”. In this solution Microsoft shares the insights from its own security products with those of partners. This gives everyone visibility into the threats that are currently active, with the goal of responding to these incidents faster …