SOC Operations

Advanced Hunting Just Got a Lot More Powerful. You Can Now Act on What You Find.

All right class. Hunting was always "find bad things

Evaluating and Onboarding a Microsoft MSSP (Without the Chaos)

All right class. If you read lesson one, you already

Detection Engineering and Why It's a Must Have

Why Your SIEM Won't Save You Without It

Defender for Identity: What's The Point? (And Is It Actually Worth Your Time)

All right class. You have Active Directory. You have domain

Microsoft Sentinel on a Shoestring: What You Can Actually Do with Business Premium

All right class. You have Entra ID P1 and Business

Data Connectors: The Order That Actually Matters

All right class. I've seen people enable data

KQL User Audit Playbook V2: The Insider Threat Investigation Guide

All right class. This is a continuation of my previous

Teams Threat Protection: What Actually Changed and What You Can Actually Hunt

All right class. Your SOC has limited visibility into Teams.

Threat Analytics in Microsoft Defender: What It Actually Does and Why Your SOC Needs It

All right class. You're doing your SOC investigations

Hunting in Microsoft Sentinel: What Hunting Actually Is and Why You Need It

Terminology matters here. Microsoft uses these words in specific ways,