Azure Arc – Add servers from Update Management
The good thing about Azure Arc is that you can deploy the agent in many different ways. As of today, you can deploy the agent [...]
Create Data Collection Rules for Azure Sentinel
This article shows you how to create Data Collection Rules for the Windows Security Events data connector in Azure Sentinel. Before you continue, please read the older [...]
Deploying Azure Arc agent using PowerShell + AMA + Tagging
In this post, we take a closer look at how to deploy Azure Arc agents using PowerShell and tag them [...]
#AdminPrintNightmare
On August 10, Microsoft published a blog post about changes to Point and Print. You can read the official story here: https://msrc-blog.microsoft.com/2021/08/10/point-and-print-default-behavior-change/. After the August patches, standard users can't add [...]
Active Directory Certificate Services XPath Queries
In our previous blog post, we enabled ADCS auditing and we also included the Excel spreadsheet with different event IDs. In Azure Sentinel, we have the Windows Security [...]
Audit NTLM using Azure Sentinel – part 1
This time we are going to take a closer look at NTLM usage. Most likely, you have seen the news about the #PetitPotam and the attack [...]
Audit Active Directory Certificate Services using Azure Sentinel
This blog post shows you how to enable and configure Active Directory Certificate Services auditing. What do you need? Log Analytics workspace, Azure Sentinel, Azure Arc [...]
Manage Defender for Endpoint device tags through Azure Automation DSC
Another day I was playing around again with the Azure Desired State Configuration feature, and I wanted to test out [...]
Our notes about #printnightmare zero-day and Kaseya
As you have already heard, there is a zero-day vulnerability in the print spooler service. Microsoft also posted the official CVE-2021-3452 on their [...]
Getting started with Azure Sentinel and PowerShell
Now that we have an official PowerShell module for Azure Sentinel, we can use PowerShell with Azure Sentinel. In this post, I will [...]
Azure Sentinel Analytics Rules
I exported all the Azure Sentinel Analytics Rules to an Excel spreadsheet. […]
Azure Sentinel management using PowerShell eBook
I put together a small ebook about Azure Sentinel management using PowerShell. […]