This blog post is about a real-world use case in which we will explain almost all Azure Sentinel functions. Because we want this blog to have real-world data that every reader can reproduce, we start with the setup of our honeypot (a honeypot is a system intended to mimic a target of cyberattacks in order to detect unauthorized access) … Continued
The purpose of this blog is to explain the difference between ‘brute force’ and ‘password spray’ attacks with real-world data and visualization via the Azure Sentinel Logs (e.g., Hunting) and Workbooks features. Brute force attack: a brute-force password attack uses multiple passwords (automated via a password file, for example) against one user account. … Continued
Just before the RSA 2019 conference, Microsoft announced a new cloud-native SIEM solution called Azure Sentinel. Sentinel is meant to be the extra pair of eyes that keeps your enterprise even more secure than before. Threats are more imminent than ever, since more and more companies move to the cloud. Therefore, attackers have more … Continued
At InSpark, we use Azure Sentinel (Microsoft’s Cloud Security Information & Event Management (SIEM) solution) to help keep our customers safe. Azure Sentinel is a relatively new Microsoft tool. In this article, we will elaborate on its functionalities and illustrate these with real-world examples from our Cloud-native Security Operations Center (SOC). In our SOC, we … Continued