IT Professor

Sign in Subscribe

Featured

Advanced Hunting Just Got a Lot More Powerful. You Can Now Act on What You Find.

Advanced Hunting Just Got a Lot More Powerful. You Can Now Act on What You Find.

Advanced Hunting

The Nag Machine: A Logic App That Badgers Your Team About Unowned Sentinel Incidents

The Nag Machine: A Logic App That Badgers Your Team About Unowned Sentinel Incidents

Microsoft Sentinel

Your Crown Jewels Are in Defender. You Just Never Set Them Up.

Your Crown Jewels Are in Defender. You Just Never Set Them Up.

Defender XDR

Building Your First Threat Hunting Hypothesis (The MITRE Way)

Building Your First Threat Hunting Hypothesis (The MITRE Way)

Threat Hunting

Diagnostic Settings Manager Workbook

Diagnostic Settings Manager Workbook

Microsoft Sentinel

Azure Key Vault: The High-Value Queries Your SOC Isn't Running

Azure Key Vault: The High-Value Queries Your SOC Isn't Running

Microsoft Sentinel

Hunting PowerShell Abuse in MDE: Eight Queries, Real Results

Hunting PowerShell Abuse in MDE: Eight Queries, Real Results

KQL

I Passed the GCDA. Here's What Nobody Tells You About SEC555

I Passed the GCDA. Here's What Nobody Tells You About SEC555

Detection Engineering

Your Sentinel Detection Setup Is Probably Broken. Here's How to Know.

Your Sentinel Detection Setup Is Probably Broken. Here's How to Know.

Microsoft Sentinel

Defender XDR Incident Investigation: A to Z Using a Real Example

Defender XDR Incident Investigation: A to Z Using a Real Example

Defender XDR

Evaluating and Onboarding a Microsoft MSSP (Without the Chaos)

Evaluating and Onboarding a Microsoft MSSP (Without the Chaos)

Managed SOC

Choosing a Microsoft MSSP Without Getting Burned (SOC/SIEM)

Choosing a Microsoft MSSP Without Getting Burned (SOC/SIEM)

Microsoft Sentinel

Conditional Access Health Check: What Your Policies Actually Do

Conditional Access Health Check: What Your Policies Actually Do

KQL

Detection Engineering and Why It's a Must Have Part 2

Detection Engineering and Why It's a Must Have Part 2

Detection Engineering

Detection Engineering and Why It's a Must Have

Detection Engineering and Why It's a Must Have

Microsoft Sentinel

One‑Click Threat Intel: Add IOCs from Sentinel Incidents with a Logic App

One‑Click Threat Intel: Add IOCs from Sentinel Incidents with a Logic App

Logic Apps

Sentinel Cost Spike: How To Actually Find The Culprit Table

Sentinel Cost Spike: How To Actually Find The Culprit Table

Microsoft Sentinel

Defender for Identity: What's The Point? (And Is It Actually Worth Your Time)

Defender for Identity: What's The Point? (And Is It Actually Worth Your Time)

Defender XDR

Microsoft Sentinel on a Shoestring: What You Can Actually Do with Business Premium

Microsoft Sentinel on a Shoestring: What You Can Actually Do with Business Premium

Microsoft Sentinel

Why KQL Enrichment Actually Works (And Why Your Alerts Are So Much Better With It)

Why KQL Enrichment Actually Works (And Why Your Alerts Are So Much Better With It)

Microsoft Sentinel

Advanced Hunting

Show more →

Alert Tuning

Fixing Microsoft's Azure Brute Force Detection: Why Their Template Fires Constantly (And What You Should Change)

Show more →

Analytic Rules

Show more →

App Governance

App Governance in Defender for Cloud Apps: Your OAuth App Security Command Centre

Show more →

Attack Path Analysis

Show more →

Automation

Show more →

AWS Security

Show more →

Azure

So You've Deployed Sentinel. Now What? A Guide to Data Connectors

Show more →

Azure Arc

Connecting Your Environment to Defender for Cloud: Azure, AWS, GCP, and On-Premises

Show more →

Azure Key Vault

Azure Key Vault: The High-Value Queries Your SOC Isn't Running

Show more →

Azure Security

Show more →

Career Advice

Show more →

CASB

Show more →

Cheatsheet

Hunting Ransomware in Storage Accounts (When You Can't Afford Defender)

Show more →

Cloud Compliance

Why You Actually Need Microsoft Defender for Cloud (And What It Actually Does)

Show more →

Conditional Access

Show more →

Cost Optimisation

Show more →

Data Connectors

Show more →

Defender for Identity

Defender for Identity: What's The Point? (And Is It Actually Worth Your Time)

Show more →

Defender for Office 365

Show more →

Defender XDR

Show more →

Detection Engineering

Show more →

Exams

I Passed the GCDA. Here's What Nobody Tells You About SEC555

Show more →

GCP Security

Show more →

Getting Started

Show more →

Incident Investigation

Defender XDR Incident Investigation: A to Z Using a Real Example

Show more →

Incident Response

Show more →

Insider Risk

Show more →

Interview Prep

Show more →

KQL

Show more →

KQL Playbook

Show more →

Learning KQL

Show more →

Logic Apps

Show more →

Managed SOC

Show more →

MDCA

Show more →

Microsoft Defender for Cloud Apps

Show more →

Microsoft Sentinel

Show more →

Microsoft Teams

Teams Threat Protection: What Actually Changed and What You Can Actually Hunt

Show more →

MSSP

Show more →

OAuth Security

App Governance in Defender for Cloud Apps: Your OAuth App Security Command Centre

Show more →

Phishing

Attack Simulation Training in Microsoft Defender for Office 365

Show more →

Playbook

Microsoft Sentinel: Let the Robots Do the Work - Your First Automation Playbook

Show more →

PowerShell

Show more →

public

The Nag Machine: A Logic App That Badgers Your Team About Unowned Sentinel Incidents

Show more →

Rule Tuning

Microsoft Sentinel Rule Tuning: Kick the Noise, Keep the Signal

Show more →

Security Operations

Show more →

Sentinel Tuning

Show more →

Sentinel Workbook

Show more →

Shadow IT

Show more →

SIEM

Choosing a Microsoft MSSP Without Getting Burned (SOC/SIEM)

Show more →

SOC

Show more →

SOC Operations

Show more →

Threat Hunting

Show more →

UEBA

Show more →

Watchlist

Show more →

Workbooks

Show more →

Consent Preferences