KQL

Hunting PowerShell Abuse in MDE: Eight Queries, Real Results

All right class. PowerShell is in every serious Windows intrusion.

Your Sentinel Detection Setup Is Probably Broken. Here's How to Know.

All right class. Most environments running Sentinel today have the

Defender XDR Incident Investigation: A to Z Using a Real Example

All right class. There are a few ways you end

Conditional Access Health Check: What Your Policies Actually Do

All right class. This is a highly technical post referencing KQL

Detection Engineering and Why It's a Must Have Part 2

All right class. This is a continuation of part 1

Detection Engineering and Why It's a Must Have

Why Your SIEM Won't Save You Without It

Why KQL Enrichment Actually Works (And Why Your Alerts Are So Much Better With It)

All right class. You run an analytic rule. It fires

User Audit Investigation Workbook: Deploy in Minutes, Investigate in Seconds

All right class. This is the workbook I wish people

KQL User Audit Playbook V2: The Insider Threat Investigation Guide

All right class. This is a continuation of my previous

Teams Threat Protection: What Actually Changed and What You Can Actually Hunt

All right class. Your SOC has limited visibility into Teams.