Microsoft Sentinel

Fixing Microsoft's Azure Brute Force Detection: Why Their Template Fires Constantly (And What You Should Change)

All right class. Microsoft ships an out-of-the-box analytic rule for

Building a Brute Force Detection Query: How To Think Through Network Logon Failures

All right class, take your seats. This post is about

Continuous Export to Log Analytics: Getting Defender for Cloud Data Where You Need It

Alright, class. You've got Defender for Cloud on.

Post-Deployment Sentinel and Defender XDR: You're Not Done Yet

Alright, class. So you've deployed Sentinel. You'

App Governance in Defender for Cloud Apps: Your OAuth App Security Command Centre

Alright, class. Take your seats. We've covered Shadow

Mastering Policies in Defender for Cloud Apps: A Deep Dive for the SOC Trenches

Alright, class. Take your seats. Today is a long lesson,

A SOC Analyst's Introduction to Defender for Cloud Apps

Alright, class. Take your seats. Let's talk about

The KQL User Audit Playbook: Your Template for Investigations

Alright, class. Take your seats. It’s 3 PM on

The KQL Playbook (Play #5): The Anomaly Play - Finding the 'Weird'

Alright, class. Take your seats. In our last beginner session,

The KQL Playbook (Play #4): The Correlation Play - Joining Tables and Enriching Data

Alright, class. Take your seats. In our last play, we