Detect threats using Microsoft Graph Logs - Part 1
Cloudbrothers
2023-10-14 08:38:45
收藏
When working with Microsoft Entra there are many log sources you can use to detect usage and changes to the environment and the assets within it. Most of them can be forwarded using the diagnostic settings to different targets for better analysis capabilities or long term storage. In many cases a Microsoft Sentinel or Log Analytics workspace is the target of choice, but also other SIEM solutions can benefit from this stream of log data.
目录
最新
- Remove old or orphaned Sentinels from the XDR Streaming API
- Detect threats using GraphAPIAuditEvents - Part 3
- Workshop: Kusto Graph Semantics Explained
- EDR Silencers and Beyond: Exploring Methods to Block EDR Communication - Part 1
- You always trust your CSP - Cross Tenant MFA and GDAP
- Find lateral movement paths using KQL Graph semantics
- Data Protection Made a Breeze: MDA integration in Edge for Business
- Passkey Public Preview for Entra ID