Workplace Ninja's Blog
Our goal is to share knowledge with the community and to make Workplace Management with Microsoft Technologies simpler for everybody. We wish you happy reading!
Featured Posts
Microsoft Sentinel ASIM Parser demystified
In the realm of cybersecurity, the ability to efficiently parse and analyze vast amounts of data is crucial. Microsoft Sentinel offers a powerful solution for this purpose. One of its key features is the ASIM (Advanced Security Information Model) parser, which plays a significant role in data normalization and enrichment.
Enhancing Network Security Insights with IDS/IPS of Ubiquiti Dream Machine Pro and Microsoft Sentinel
In my previous post, I explored the basics of integrating Ubiquiti Dream Machine Pro logs with Microsoft Sentinel, setting the stage for advanced network monitoring and security analysis. Today, we’re taking a significant leap forward by incorporating the threat detection capabilities of the device, which is using Suricata, an open-source
Latest Posts
Microsoft Sentinel Security Incident statistics with Workbooks
Apparently the contents from the screenshots taken is not easy to read and some zoom-in is required. Layer 8 issue. Table of Contents Intro You/your company has just signed up for a SIEM/SOAR solution where data from multiple, different external systems/platforms is aggregated, analyzed and (worst case) processed into Security
Extending Microsoft Sentinel with important device data
During security Incident Analysis, Threat and Vulnerability Management and security activities it’s important to have enough data available to correlate them. Especially Microsoft Intune contains a lot of valuable information, but also other resources which are available via Microsoft Graph can be helpful. It is simple to add this information
Sentinel Incident Automation – Playbook dependencies
Intro In this blog post I follow up on my previous blog post. There we addressed the challenge to to handle the (potentially massive) delay in entity mappings for security incidents. Here’s the link in case you missed the blog post: Sentinel Incident Automation – handle entity mapping delay in
Sentinel Incident Automation – handle entity mapping delay in Playbooks
Intro Automation is a key element to improve SOC efficiency. Many different use cases exist where automation can be applied Tagging of Security incidents Severity level adoptions Auto-Closure Security incident information enrichment …and many more Most of the automation is based on pre-defined conditions. To auto-close a security incident one
SOC Monitor wall – Build your Content (Part 3)
In this blog post, I share how the dedicated workbooks could look like regarding their content. Note: During the analysis of a specific high-severity security incident in a customer environment you might want to display specific content on the SOC wall screen. Link to other Parts: Planning the Setup Develop
SOC Monitor wall – Planning the Setup (Part 1)
The big plus working in a SOC is the possibility to be on-site with other Security Analysts rather than being separated in the home office. Working in a MSSP SOC means to keep an eye on multiple customer SIEM’s simultaneously in terms of security incidents and anomalies/availability of mandatory log