WPNinjas

Tag: KQL

Microsoft Sentinel
Thomas Kurth

Microsoft Sentinel ASIM Parser demystified

In the realm of cybersecurity, the ability to efficiently parse and analyze vast amounts of data is crucial. Microsoft Sentinel offers a powerful solution for this purpose. One of its key features is the ASIM (Advanced Security Information Model) parser, which plays a significant role in data normalization and enrichment.

Security
Thomas Kurth

Extending Microsoft Sentinel with important device data

During security incident analysis, threat and vulnerability management, and other security activities it’s important to have enough data available to correlate them. Microsoft Intune in particular contains a lot of valuable information, but other resources available via Microsoft Graph can also be helpful. It is simple to add this information

Security
Christoph Düggeli

SOC Monitor wall – Build your Content (Part 3)

In this blog post, I share what the dedicated workbooks could look like in terms of their content. Note: During the analysis of a specific high-severity security incident in a customer environment you might want to display specific content on the SOC wall screen. Link to other Parts: Planning the Setup Develop

Security
Christoph Düggeli

SOC Monitor wall – Planning the Setup (Part 1)

The big plus of working in a SOC is the possibility to be on-site with other security analysts rather than being separated in the home office. Working in an MSSP SOC means keeping an eye on multiple customer SIEMs simultaneously in terms of security incidents and anomalies/availability of mandatory log
