Microsoft Ignite 2020 has started, and with it we already got quite a few announcements from the security perspective. In this post, I’d like to give a short roundup of everything that was announced regarding security operations.

Microsoft 365 Defender

We have a new name for a product family: Microsoft 365 Defender. M365 Defender is an…
Tag: Azure Sentinel
Azure Sentinel – monitor servers using Sysmon
In this post I’m showing how to connect Windows servers to Azure Sentinel, how to install Sysmon, how to parse those events, and what to do with them. After all, Sentinel is a cloud-native SIEM, but luckily, it’s not cloud-only.

Setting up Azure Sentinel

This step is quite simple. Sentinel is basically just a solution that builds…