Templating
Adding a Key Vault to your Microsoft Sentinel Data Connector ARM-template
A subset of Data Connectors for Sentinel come in the form of Azure Functions deployed using an ARM-template. Most, if not all, of these functions avoid actually implementing a Key Vault to secure your variables, so here are the snippets to implement it yourself.
Hardening Azure Active Directory
Going over some attack paths for Azure Active Directory (that I know of) and how to harden your environment to avoid exploitation (or just minimize the risk slightly). The focus for this post is app registrations and basic enumeration.
Auditing Microsoft Sentinel queries in an Azure Lighthouse-environment
Quick introduction to auditing Microsoft Sentinel queries in a cross-tenant scenario - and some things to be aware of.
Assign roles to managed identities in Microsoft Sentinel playbooks using Azure Lighthouse
Grant access via Azure Lighthouse using User Access Administrator delegation, ARM-templates, pipelines and PowerShell.