Adrian Grigorof (@AdiGri)'s Twitter Profile
Adrian Grigorof

@AdiGri

CTO @ Managed Sentinel

ID: 15334357

https://www.managedsentinel.com
Joined: 06-07-2008 18:01:15

252 Tweets

435 Followers

122 Following

Adrian Grigorof (@AdiGri):

Segregation of access to logging data is a crucial topic that arises during Microsoft Sentinel architecture sessions. This blog post provides some of the common ways to implement it.
BlueVoyant
managedsentinel.com/microsoft-sent…

Adrian Grigorof (@AdiGri):

Microsoft Sentinel introduced a significant number of new features and improvements of existing ones since our last diagram update. This one page diagram attempts to cover the core components and the integration with log sources.

managedsentinel.com/microsoft-sent…

#microsoftsentinel #siem
Adrian Grigorof (@AdiGri):

2 new Microsoft Sentinel alert rule templates published:

- Workspace deletion activity from an infected device
- TI map IP entity to Network Session Events (ASIM Network Session schema)

BlueVoyant

Adrian Grigorof (@AdiGri):

2 new Microsoft Sentinel alert rule templates published:

BlueVoyant

- Chia_Crypto_Mining IOC - June 2021
- (Preview) TI map IP entity to DNS Events (ASIM DNS schema)

Adrian Grigorof (@AdiGri):

2 new Microsoft Sentinel alert rule templates published:

BlueVoyant

- Front Door Premium WAF - SQLi Detection
- Front Door Premium WAF - XSS Detection

Adrian Grigorof (@AdiGri):

2 new Microsoft Sentinel alert rule templates published:
@bluevoyant

- Guest accounts added in AAD Groups other than the ones specified
- Guest accounts changed user type from guest to members in AzureAD

Adrian Grigorof (@AdiGri):

New Microsoft Sentinel alert rule template published:

AD FS Abnormal EKU object identifier attribute

Uses Security events from the AD FS Auditing provider to detect suspicious object identifiers as part of event ID 501 (from the Enhanced Key Usage attributes).

Adrian Grigorof (@AdiGri):

New Microsoft Sentinel alert rule published:
Title: New External User Granted Admin
Description: This query will detect instances where a newly invited external user is granted an administrative role.

Adrian Grigorof (@AdiGri):

New Microsoft Sentinel alert rules published:
- PulseConnectSecure - CVE-2021-22893 Possible Pulse Connect Secure RCE Vulnerability Attack
- Hive Ransomware IOC - July 2022
- AV detections related to Hive Ransomware
