Automating Security Monitoring - Part 2: Automation

A look at automating alerts and incident-handling.

Let’s get straight to the point: security monitoring is the process of consuming data, analyzing it, detecting malicious activity, and then handling that malicious activity. There are more factors at play that will influence some of your decisions: …
Tags: Microsoft Sentinel, Automation, SOAR, Security Monitoring, Security Automation Orchestration and Response

Automating Security Monitoring - Part 1: Data

A look at how to get started automating security monitoring (or just stuff in general).

Lately I’ve been presenting a few times on the topic of automation, and in particular on automation for security monitoring to combat alert fatigue. One of the most important parts of this is the automation part. It’s not so much about security or security monitoring, but about teaching what automation is, what...
Tags: Microsoft Sentinel, Automation, SOAR, Security Monitoring, Data Engineering, Data Engineering Pipelines

Christmas Wrappers - Part 1

How to create a wrapper script in Powershell

One of my earliest posts was “Building a function”. It was my attempt at teaching people to build a function in Powershell. It’s a bit outdated now, but I still think it’s a decent read; however, the time has come to revisit the topic of Powershell functions. This time, in...
Tags: Powershell, pwsh, Cyber Security, MISP