Using Search in Security Center to find Indicators of Compromise

Indicators of Compromise (IoC) are individually-known malicious events that indicate that a network, or a computer has already been breached. You can find a lot of IoC at OpenIOC (www.openioc.org), such as the Zeus IoC. In some circumstances, the IoCs will indicate the existence of a particular file in the system, or the execution of…


Searching for suspicious user in Azure Security Center

Last September during my presentation with Meir at Ignite, we talked about how powerful the new search capability in Azure Security Center is, the integration with Log Analytics gives you total control, and flexibility to find what you really need.  But how to really use this? First step is to read our core documentation regarding Search…


Validating Connectivity with Azure Security Center

Azure Security Center is now hybrid, which means that you can connect computers that are located on-premises, and also in other cloud platforms such as AWS. This onboarding process is well documented in this article. The agent installation is pretty straight forward, and this agent is the same one used for OMS Security, which has versions for Windows and…


Incident Response in Hybrid Cloud

I had a great time yesterday at Hacker Halted, my presentation was packed with great security professionals, great questions, and the networking was outstanding. My deck available here (in PDF format), and if you attended the session, make sure to connect with me via LinkedIn.