Detect FIN6 on Azure Sentinel Part 2: Threat Hunting using KQL
Published in System Weakness · Pinned
Hi Medium! Here we are again with a new article about Sentinel. This is the follow-up (part 2) to the previous article, Detect FIN6 on Sentinel Part 1: Run FIN6 exploit. This article: To give a summary of the previous article, we created our lab environment and simulated the FIN6…
Sentinel · 11 min read
Detect FIN6 on Sentinel Part 1: Run FIN6 exploit
Pinned
Hi Medium! Here we are again with a new article about Sentinel. In this article, we will learn how we can detect a FIN6 attack on Sentinel. This exercise is one of the most important ways to learn how to detect APTs and high-severity threats on your SIEM; this time our…
Exploitation · 4 min read
Simulate Discovery Techniques on Windows via Atomic Red
Sep 29
Hi Medium! Here we are again with a new article related to Sentinel. We will simulate different attacks and show you how we can detect them in the articles that follow. Src: https://github.com/redcanaryco/atomic-red-team This article: We will show how we can test our SOC and its capabilities to…
Cybersecurity · 5 min read
Incident response and automation using VirusTotal Intel on Sentinel
Jan 3
Hi Medium! Here we are again with a new article about Sentinel. In this article, we will look at how we can introduce VirusTotal to Sentinel and how to use it for incident response. Contents: Create a playbook or automation on Azure; Configure the automation process to VT; Add the playbook to our alert; Resources…
Security · 4 min read
How to Create Alerts on Sentinel from Threat Intelligence Feeds
Sep 30, 2022
Hi Medium! Here we are again with a new article about Sentinel. This article will introduce how to create alerts based on threat intelligence feeds and which workbook to use. We will go through the following: Create Threat Intelligence Alert; Add an Indicator Manually; Threat Intelligence Workbook. Before we start, you can check the previous article regarding importing threat intelligence feeds…
Threat Intelligence · 5 min read
Threat Intelligence on Sentinel (Anomali & IBM X-Force)
Published in System Weakness · Jan 20, 2022
Hi Medium! Here we are again with a new article about Sentinel. In this article, we will introduce how to link threat intelligence platform feeds to our Azure Sentinel. Contents: Definition of TAXII and STIX; STIX 2; TAXII 2; How to add Anomali TI feeds to Sentinel; How to add IBM X-Force feeds to Sentinel. Definition of TAXII and STIX: STIX, short for Structured Threat Information eXpression, is a standardized language developed by MITRE and the OASIS Cyber Threat Intelligence (CTI)…
Threat Intelligence · 6 min read
Detect and Alert on Sentinel
Published in System Weakness · Jan 18, 2022
Hi Medium! Here we are again with a new article about Sentinel. In this article, we will give a simple introduction on how to create an alert on Sentinel. Contents: Detect Brute Forcing Attack using KQL; Define brute force; Understanding KQL code; Alert Brute Forcing Attack on RDP; Simulate the RDP attack; Resources. Detect Brute Forcing Attack using KQL: To create an alert, we first need to know what we want to detect and how to detect it, so…
Sentinel · 4 min read
Sysmon and log Parse using KQL on Azure Sentinel
Jan 8, 2022
Hi Medium! Here we are again with a new article. In this article, we will go through different tools and techniques that should be known to retrieve information from a target system and review its logs on the Azure Sentinel platform. Summary: Windows 10 VM creation and Sysmon…
Sentinel · 6 min read
How to detect cyber threats
Jan 15, 2021
How to detect a cyber attack or a threat. Hi Medium! Here we are again with a new article. Today we will talk about advanced threat detection and the several methods used in defense, as follows: Threat Detection Concept; How We Can Detect Threats; 1. Threat Detection Team. Facing different attacks is not an easy job; the threat detection team needs to act…
Cybersecurity · 3 min read
SMTP Enumeration Technique
Jan 8, 2021
Hi Medium! Here we are again with a new article. I was asked by a friend, in my last article about Enumeration, to provide a breakout on the SMTP technique. In this article, we will go through different tools and techniques that should be known to retrieve information about your…
SMTP · 3 min read