SIEM
Internationalizing SIEM Rules
When workstations and services are used in a language other than English, some changes to detection rules are required to ensure consistent coverage
Threat Hunting
Using the Microsoft Graph API with Python to hunt down malicious inbox rules in Office365 mailboxes
Azure
I've been starting to use Azure Sentinel [https://azure.microsoft.com/en-gb/services/azure-sentinel/] recently and explore some of its capabilities - there are currently about 40 built-in data-connectors that take logs from different services/products. I decided to see if I could add integrations with some open-source