Monitoring and Incident Response in Azure AD

Channel:

SANS Cyber Defense

Subscribers:

23,600

Published on November 3, 2021 5:45:00 AM ● Video Link: https://www.youtube.com/watch?v=T-ZnAUt1IP8

Duration: 41:31

2,773 views

We are going to present our Azure AD Sec Ops guidance, so SOC teams know what to monitor, alert on and investigate. With so many events to monitor we will present the high-importance alerts recommended for investigating users, privileged accounts, apps and service principles as well as and core changes in your Azure AD environment. Key takeaways are for SOC teams to be able to collect the right logs, alert on the important events and investigate on these alerts. Will also showcase our playbooks for incident response when one of these alerts is triggered so these can be used and adapted by SOC teams so they can respond and remediate some of the most common attacks we see against Azure AD.

Yochana Henderson, Identity Program Manager, Microsoft
Thomas Detzner, Senior Program Manager, Microsoft

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
#BlueTeamSummit #Azure

Other Videos By SANS Cyber Defense

2021-11-22	Bringing the Sexy Back to Blue Team, with Eric Conrad and Seth Misener
2021-11-17	Modern Authentication for the Security Admin
2021-11-15	DeTT&CT(ing) Kubernetes ATT&CK(s) with Audit Logs
2021-11-13	Ransomware Preparation, Containment and Recovery Strategies
2021-11-12	Building on the Foundations of OSINT with SEC587: Advanced Open-Source Intelligence
2021-11-12	AI & ML in the Modern SOC
2021-11-11	YARA for Mere Mortals
2021-11-09	Threat Sightings: The Power of Observation for Driving Cyber Threat Detection Improvements
2021-11-07	Blue-Team-as-Code: Lessons From Real-world Red Team Detection Automation Using Logs
2021-11-05	Measuring Detection Engineering Teams
2021-11-02	Monitoring and Incident Response in Azure AD
2021-11-01	Threats & Challenges 2021: What Cyber Defenders Need to Know – and Do
2021-10-30	Knocking on Clouds Door: Threat Hunting Powered by Azure AD Reports and Azula
2021-10-29	Random Forests: Still Useful?
2021-10-28	Data Science for SOC: A Practical Example of Detecting Advanced Credential Attacks
2021-10-26	TShark: Leveraging statistics \| Nik Alleyne
2021-10-26	The Yellow Brick Road: Where Lions and Tigers and Bears Meet
2021-10-24	Adversary Simulation: Measure and Close the Gaps in Your Security Posture
2021-10-22	Can we REALLY 10X the SOC?
2021-10-21	Zero Trust Architecture – Applying ZTA in Today’s Environment
2021-10-20	A River Runs Through IT: What Whitewater Rafting Taught Me About Incident Response

Tags:

sans institute

blue team

blue team operations

blue team summit

sans blue team summit

yochana henderson

thomas detzner

incident response

incident resonse monitoring

incident response in azure ad

azure active directory

azure active directory (ad)

Channel	Latest
ChaDuL Gaming	6 hours ago
GamerzTV	6 hours ago
Trend Bilgiler	6 hours ago
Vidlive Gaming Official	6 hours ago
Imshiso	7 hours ago
Viny Tutoriais	7 hours ago
HEROSOMEONE	7 hours ago
RichardBean234	7 hours ago
Bip Plays	7 hours ago
League of SUPPORT - LOL Replays	7 hours ago
domisumReplay: Teemo	7 hours ago
KefkaVI	7 hours ago
m4nu3l_YT	7 hours ago
domisumReplay: Syndra	8 hours ago
MaxFiveBass	8 hours ago
Jack Ask	8 hours ago
domisumReplay: Yorick	8 hours ago
WMA Gaming	8 hours ago
Sully	8 hours ago
Jaeguchi	8 hours ago
domisumReplay: Kayle	9 hours ago
domisumReplay: Irelia	9 hours ago
BaLoRi	9 hours ago
Inka Bros pe	9 hours ago
Reagent V	9 hours ago