Blog

Advanced Threat Hunting in Microsoft 365 Security

Discover useful information from all 4 Microsoft 365 Defender menus. All the logs available in Microsoft 365 Defender products can be found in the Hunting menu in Microsoft 365 Security. If the user knows KQL, they can find all sorts of useful information about their cloud products like cloud app activity, device activity, and information […]


Implementing Ingestion Delay Correction in Microsoft Sentinel

Improve your analytic rule detection rate with a quick change. Microsoft Sentinel analytic rules do not correct for ingestion delay on their own, so this prompted the Microsoft Tech Community to post a blog about creating your own ingestion delay solution. The solution seems a bit convoluted, but it makes sense once you wrap your […]


What to Look for in a Cloud Security Analyst.

Find high potential candidates in your recruiting pool. CyberMSI has gone through 1,000s of resumes, and we are always seeking capable cloud security professionals. We look for some specific attributes that we know from experience will make a candidate successful as a cloud security analyst. In this blog, we discuss the features that we believe […]


Endpoint Investigation, Invasive or Invaluable?

Give analysts agency without losing availability. Microsoft Defender for Endpoint (MDE) has live response options that allow security analysts using the EDR system to take actions on a connected system. This is exciting for security departments that are using the tool, but it may raise concerns for the rest of the IT departments. MDE offers […]


Is “Always Encrypted” Actually Always Encrypted?

Secure your data with functionally always-encrypted storage. Azure allows its database users to encrypt their data with “Always Encrypted”. This is a system that uses transparent data encryption in combination with other encryption methods to ensure that data is encrypted in every state in which it is used. In this blog, we will answer the […]


Managing Timestamps in Sentinel

Turn table data into an investigation timeline. Microsoft Sentinel uses raw table data to represent what is happening during an incident while using the investigation graph. This has resulted in some confusion around timestamps and what each of them means. A cloud security analyst will have significantly more difficulty trying to figure out what happened […]


Why are There So Many Impossible Travels in MCAS?

Discern true and false positive impossible travels. Analysts at CyberMSI have been noticing a significant increase in MCAS impossible travel alerts lately. At first it looked like a trend in information security incidents, but after looking into the alerts further they discovered that the increase in this alert type was due to false positives. In […]


Implement CIS Controls in Microsoft Cloud Products

Secure your cloud environment with all 20 CIS controls. The Center for Internet Security (CIS) is a major player in information security controls. Cybersecurity administrators at CyberMSI went over CIS Controls version 7.1 to ensure that the organization had all aspects of its cloud environment secured. By the end of the project, we were able […]


Read Microsoft Sentinel Playbooks Like A Pro

Understand Microsoft Sentinel automation by breaking it down into parts. When an Azure user opens a logic app such as a Microsoft Sentinel Playbook for the first time, it may be intimidating to see large chains of branched boxes with esoteric symbols. Fortunately, if the user understands what the primary types of action pieces do, they should be […]
