Blog

CISA Incident Preparedness in Microsoft Sentinel

Make adjustments to your cloud environment to enhance your incident readiness. The Cybersecurity and Infrastructure Security Agency (CISA) is a US government organization dedicated to making sure that the nation’s cybersecurity is as strong as it practically can be. CISA routinely produces cybersecurity recommendations that organizations can use to enhance their security and incident […]

How to Share Sentinel Features on GitHub

Share your Microsoft security ideas with the community. In Microsoft Sentinel, the features that are used to help with incident management can be customized so that they can be used for any situation that an analyst can think of. The customizability of the Microsoft Sentinel features has resulted in 1,000s of uploads to GitHub from […]

What is Happening in the Microsoft 365 Security Menu Consolidation?

Investigate multi-staged incidents in 1 menu instead of 3. Microsoft recently announced their intentions to consolidate some of their cloud security products and that they have already started the process. Some of the most obvious changes are already apparent like the new navigation options added to the Microsoft 365 Security menu, but what else will […]

Why Work at CyberMSI?

Develop your skills on an exciting new frontier. If you or someone you know is looking to get into cybersecurity as a career, CyberMSI is constantly expanding their team of cybersecurity professionals. We are trying to attract professionals with the most drive and potential, which is why we are putting extra effort into making sure […]

Minimum Permissions Needed for a Microsoft Cloud Security Analyst

Investigate Incidents Effectively with the Principle of Least Privilege. Microsoft’s system of assigning permissions is a frequent source of confusion for security administrators who are trying to keep the level of permissions they are giving out to a minimum. Someone will walk into their office saying “I need security reader” not knowing that there are several […]

Deploy Microsoft Sentinel Analytic Rules from 3rd Party Sources

Deploy analytic rules from sources all over the web. The cybersecurity community is constantly developing and sharing analytics that can be used to detect potentially malicious activity. Cybersecurity analysts working with Microsoft Sentinel can take these shared analytics and turn them into analytic rules. The only issue is that there is not a clear set […]

Which Connection Should I Use for Playbooks?

Give out permissions with the right balance of security and manageability. With the release of the managed identity option for Microsoft Sentinel playbooks, there are now 3 viable options for connecting playbooks to an identity that has the needed permissions. Information about these connection types is difficult to find in Microsoft documentation, so deciding which […]

What to Expect in the Microsoft SC-200 Exam

An exam built specifically for cloud security analysts. Microsoft recently released a new SC series of exams that are designed for more specific security domains in Microsoft cloud security products. The SC-200 is an exam for cybersecurity analysts who are using the Microsoft cloud EDR and SIEM solutions. This exam is very useful for testing […]

What Are Administrative Units and How Do I Use Them?

Give out subscription-level permissions for only a specific set of users. Microsoft recently released the new administrative units feature for Azure Active Directory (AD). The good folks over at Microsoft were so excited about the new feature that they instantly added it as a section in the AZ-500 cloud security exam. However, we at CyberMSI […]
