Posts

2024

Practical Temporal Proximity in KQL
·1442 words·7 mins
Temporal Proximity in Information Security refers to the occurrence of two or more related events, similar or different in nature, within a specified time frame.
Simplifying User and Entity Behavior Detection
·2090 words·10 mins
Like Nailing Jell-o to a Wall: In a poll I ran asking the community which detection domains could use more of their attention, User Behavior reigned supreme.
Stack Your Deception: Stacking MDE Deception Rules with Thinkst Canarytokens
·1534 words·8 mins
Updated Changelog: corrected Path for custom lures. A relatively new and straightforward feature pushed to client machines through Microsoft Defender for Endpoint as part of Defender XDR is the Deception capability.
Enhancing Your Entity Timelines: Sentinel Activities in the Unified Microsoft Defender XDR Portal
·1201 words·6 mins
With the recent release of the Microsoft unified security operations platform in the Defender portal, which is the integration of Microsoft Sentinel and Microsoft Defender XDR, there has been A LOT to take in.