User Activity
About 2 years ago
Contributed a review of Microsoft Sentinel: Gives you one place to close incidents, and KQL is definitely a step up when it comes to security
Over 2 years ago
Answered a question: What are the top use cases to implement after deploying a SIEM?
My expertise is based on Microsoft products: Defender 365 (the Defender suite) and Microsoft Sentinel (SIEM/SOAR)
I would never leave the “automated response” approach (SOAR), but I also see XDR and SOAR as tools that complement each other.
It’s actually a tough question…
Over 2 years ago
Answered a question: What are the top use cases to implement after deploying a SIEM?
It really depends on your environment
As none of us knows what Azure services you are using, it's hard to come up with hard/direct answers to your question.
In general, however, it’s always a good idea to monitor identities and the security policies around identities, i.e.…
Over 2 years ago
Contributed a review of Azure Monitor: Scalable and stable monitoring tool with data collection, analysis, and alerting features
Reviews
About 2 years ago
Microsoft Sentinel
Over 2 years ago
Azure Monitor
Answers
Over 2 years ago
Security Information and Event Management (SIEM)
Over 2 years ago
Security Information and Event Management (SIEM)