Monitoring and Incident Response in Azure AD

Автор: SANS Cyber Defense

Загружено: 2021-11-02

Просмотров: 4698

Описание:

We are going to present our Azure AD Sec Ops guidance, so SOC teams know what to monitor, alert on and investigate. With so many events to monitor we will present the high-importance alerts recommended for investigating users, privileged accounts, apps and service principles as well as and core changes in your Azure AD environment. Key takeaways are for SOC teams to be able to collect the right logs, alert on the important events and investigate on these alerts. Will also showcase our playbooks for incident response when one of these alerts is triggered so these can be used and adapted by SOC teams so they can respond and remediate some of the most common attacks we see against Azure AD.

Yochana Henderson, Identity Program Manager, Microsoft
Thomas Detzner, Senior Program Manager, Microsoft

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
#BlueTeamSummit #Azure

Monitoring and Incident Response in Azure AD

Доступные форматы для скачивания:

Скачать видео mp4

Информация по загрузке:

Скачать аудио mp3

Похожие видео

Реагирование на облачные инциденты в Microsoft Azure

Реагирование на облачные инциденты в Microsoft Azure

Live Incident Response with Velociraptor

Live Incident Response with Velociraptor

Measuring Detection Engineering Teams

Measuring Detection Engineering Teams

Mastering Email OSINT: Techniques for Uncovering Online Footprints

Mastering Email OSINT: Techniques for Uncovering Online Footprints

It’s Raining Shells - How To Find New Attack Primitives In Azure by Andy Robbins

It’s Raining Shells - How To Find New Attack Primitives In Azure by Andy Robbins

#HITBCW2021 D1 — Сценарии атак с использованием Azure Active Directory — Билл Бен Хаим и Цур Улья...

#HITBCW2021 D1 — Сценарии атак с использованием Azure Active Directory — Билл Бен Хаим и Цур Улья...

Inside FOR509: Enterprise Cloud Forensics and Incident Response with Dave Cowen & Pierre Lidome

Inside FOR509: Enterprise Cloud Forensics and Incident Response with Dave Cowen & Pierre Lidome

Metrics on Steroids: Improving SOC Maturity using the SOC-CMM | SANS Cyber Defense Forum 2020

Metrics on Steroids: Improving SOC Maturity using the SOC-CMM | SANS Cyber Defense Forum 2020

Microsoft Sentinel Incident Response: How to Investigate, Manage & Automate Incident| Azure Sentinel

Microsoft Sentinel Incident Response: How to Investigate, Manage & Automate Incident| Azure Sentinel

Deep Dive into Security Orchestration, Automation and Response (SOAR) using Microsoft Azure Security

Deep Dive into Security Orchestration, Automation and Response (SOAR) using Microsoft Azure Security

Отзыв Microsoft: абсолютный КОШМАР конфиденциальности 2025 года

Отзыв Microsoft: абсолютный КОШМАР конфиденциальности 2025 года

License to Kill: Malware Hunting with the Sysinternals Tools

License to Kill: Malware Hunting with the Sysinternals Tools

What's New in Azure Firewall - February, 2024

What's New in Azure Firewall - February, 2024

Modern Phishing Tactics and How to Spot Them

Modern Phishing Tactics and How to Spot Them

Hands-On Workshop: Building Better Detections - Azure Edition

Hands-On Workshop: Building Better Detections - Azure Edition

Hunting for Suspicious HTTPS and TLS Connections

Hunting for Suspicious HTTPS and TLS Connections

Attacking and Defending Azure with BloodHound | Andy Robbins | WWHF San Diego 2022

Attacking and Defending Azure with BloodHound | Andy Robbins | WWHF San Diego 2022

Incident Response in the Cloud (119678)

Incident Response in the Cloud (119678)

Incident Response in the Cloud (AWS) - SANS Digital Forensics & Incident Response Summit 2017

Incident Response in the Cloud (AWS) - SANS Digital Forensics & Incident Response Summit 2017

Мониторинг безопасности облака и обнаружение угроз в AWS

Мониторинг безопасности облака и обнаружение угроз в AWS