Detect threats using Microsoft Graph activity logs - Part 2
Cloudbrothers
2023-11-11 08:38:45
收藏
In part one I focused mostly on detecting offensive security tools like AzureHound, GraphRunner, and PurpleKnight. In part two I will go into more depth how you can use the now available information for hunting and how to correlate it with other datasets to gain deeper insights. Correlate Graph activities with other log sources While the MicrosoftGraphActivityLogs alone is a trove of information, correlating it with other logs makes it an even more interesting data source.
目录
最新
- Remove old or orphaned Sentinels from the XDR Streaming API
- Detect threats using GraphAPIAuditEvents - Part 3
- Workshop: Kusto Graph Semantics Explained
- EDR Silencers and Beyond: Exploring Methods to Block EDR Communication - Part 1
- You always trust your CSP - Cross Tenant MFA and GDAP
- Find lateral movement paths using KQL Graph semantics
- Data Protection Made a Breeze: MDA integration in Edge for Business
- Passkey Public Preview for Entra ID