HardConceptsSimple
Australia
Joined 26 Jan 2008
Onboard Linux Machine into Microsoft Defender for Endpoint
1. Onboard Linux Machines into MDE, which includes all nuances and permission issues being solved in real time along the way.
Additional documentation and videos I referred to:
1. github.com/microsoft/mdatp-xplat/tree/master/linux/installation
2. learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-worldwide
3. ua-cam.com/video/dxBgL1PxuEA/v-deo.html&ab_channel=MicrosoftSecurityCommunity
#A user commented on uploading files into the home directory and then moving those files, if needed, with sudo or the root account instead of Security Admin; please investigate that path to confirm which method is best suited. Thanks to the well-wisher for providing those comments 👍
Views: 1,968
Videos
Export Sentinel Data into Storage Account using Capture and Event Hub (Step by Step)
1.1K views, 2 years ago
Step by Step method to export Sentinel Data into Storage Account using Event Hub and Capture method 1. Create the right sized Event-Hub (watch from 04:30 onwards) ua-cam.com/video/2KNt5P1Rx0w/v-deo.html&ab_channel=HardConceptsSimple 2. Query to search data in storage account let ActivityLogs = externaldata (TimeGenerated:datetime, OperationName:string, OperationNameValue:string, Level:string, Ac...
Archive Sentinel Data into Azure Data Explorer and Storage account via Event Hub (Updated Video)
1.5K views, 2 years ago
Step by Step process to export data from Log Analytics Workspace into Azure Data Explorer and Storage Account simultaneously via event hub 1. Read data from Storage Account via Log Analytics workspace ua-cam.com/video/Oo5vQ07-rVU/v-deo.html (Watch from 27:00 onwards) 2. Document to copy sentinel data to azure data explorer www.linkedin.com/pulse/howto-configure-azure-sentinel-data-export-long-...
CISSP Exam Day Rule#1 - TRAIN YOUR MIND
1.8K views, 2 years ago
7 mindset steps that will influence the outcome of your exam. Based on research and input from a number of test takers, these steps will hold the key to fighting the mental roadblocks that every test taker faces during the 3 hours in the exam.
Clear CISSP 1st time and TACKLE mental roadblocks
11K views, 2 years ago
Mindset required to crack the CISSP Exam. Have also included the resources I used to pass the CISSP exam in 5 months. Reading Materials: 1. Most important is the mindset which is mentioned in the video 2. Sybex 9th Edition and Practice Tests 3. Kelley Handerhan videos from Cybrary 4. Infosec4TC by Mohammed Atef 5. Prabh Mohan, Luke Ahmed, Andrew Ramdayal snippets on YouTube 6. How to think lik...
Week 3 - 6 CISSP Challenge
182 views, 2 years ago
Continuing from my previous video of the 10 Week CISSP Challenge and the domains that I have covered in these 3 weeks. Please join the challenge if you haven't yet; would love to know your progress. All the best. As mentioned in the video, location of Domain 3 and Domain 4 PDF presentation: Domain 3: onedrive.live.com/?authkey=!AJEmUkt8J7slu1c&cid=1590B798C9CD6D68&id=1590B798C9CD6D68!137204&p...
JIT Access for Azure VM's - STOP exposing Port 3389/22 to the entire universe
209 views, 2 years ago
Video with theory and practical demonstration to protect the Azure VM that has a Public IP attached to it and has port 3389/22 open. Resources taken information from: docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage?tabs=jit-config-avm,jit-request-asc docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-overview github.com/Azure/Microsoft-Defender-for...
5 key elements every person aspiring to enter IT cloud workforce should know. Timing in description
122 views, 2 years ago
5 key elements every person aspiring to enter the IT cloud workforce should know, from the lens of a senior cyber consultant. Importance of a Kick-Off Session - Starts from 03:51 Strategies to face obstacles and work as a team - Starts from 06:26 3 examples of cloud based security systems - Starts from 11:20 Importance of breaking down technical jargon - Starts from 14:18 Importance of continou...
Microsoft Sentinel Logs to Storage Account (Blooper Alert Inside!!!)
457 views, 2 years ago
Easily move your Microsoft Sentinel Logs to Long-Term Storage. I have made a silly mistake and included the troubleshooting steps to fix it. If you don't want to see how to fix that, skip from 14:00 - 26:30. Referred Article - techcommunity.microsoft.com/t5/microsoft-sentinel-blog/move-your-microsoft-sentinel-logs-to-long-term-storage-with-ease/ba-p/1407153
Integrate Security Centre Alerts to Azure Sentinel
872 views, 2 years ago
Integrate Azure Security Centre (Defender for Cloud) Alerts to Azure Sentinel. Using Sentinel as the single source to analyse incidents and alerts will be helpful as you start to receive alerts from different security products and want to have just one pane of glass for all monitoring purposes. Have also shown how to generate sample alerts from Azure Security Centre (Microsoft Defender for Clou...
Week 2 CISSP Challenge - Steps to conquer your mind ...Mindset is everything..
382 views, 2 years ago
Week 2 CISSP challenge. Posted video after completion of Domain 1 and Domain 2. The biggest lesson learnt is that mindset is everything. Break the learning into 15m chunks so that the time spent is used effectively. Also shows how to access CISSP chapter questions online rather than reading them in the book.
Create Azure Diagrams using Draw.io for FREE
7K views, 2 years ago
Leverage Draw.io to create useful Azure designs for free. An alternative to Visio for such drawings
Read Azure Storage Account Data using Azure Data Explorer (ADX)
506 views, 2 years ago
Read Azure Storage Account Data using Azure Data Explorer (ADX) in 3 simple steps. Video based on the following article docs.microsoft.com/en-us/azure/azure-monitor/logs/azure-data-explorer-query-storage INSTRUCTIONS TO FOLLOW: 1. To create Azure Data Explorer follow the link ua-cam.com/video/7WcWztCDvVk/v-deo.html 2. To create storage account follow the link ua-cam.com/video/RQ6DNf6yjXQ/v-d...
Copy Data from Azure Data Explorer into Storage Account for Long Term Retention with 4 easy Steps
1.1K views, 2 years ago
Step by Step instruction on how to export Data from Azure Data Explorer into Storage Account. Main Steps to Follow: 1. Watch the previous video of how to create Azure Data Explorer and ingest Sentinel logs into ADX ua-cam.com/video/7WcWztCDvVk/v-deo.html 2. Watch this video once 3. Copy the script attached in comments section and watch the video again as a reference when implementing in your en...
Export Sentinel Data to Azure Data Explorer for Long Term Retention (EasyStepbyStep)
1.1K views, 2 years ago
Step by Step instruction on how to export Sentinel Data to Azure Data Explorer based on the document below techcommunity.microsoft.com/t5/microsoft-sentinel-blog/using-azure-data-explorer-for-long-term-retention-of-microsoft/ba-p/1883947 This is a heavy topic; I had to compress days' worth of learning into 30 minutes. Review this video with the following in mind 1. Go through the document in a h...
Export Azure Analytics Active Rules into Excel
1.3K views, 2 years ago
Export Azure Analytics Active Rules into Excel
Create Azure Service Principal to access Resources - NO Username/password anymore
381 views, 2 years ago
Create Azure Service Principal to access Resources - NO Username/password anymore
Pass CISSP Together (Let's smash it together in 10 weeks)
206 views, 2 years ago
Pass CISSP Together (Let's smash it together in 10 weeks)
Monitor "Debian 10" and "Windows Server 2022" VM in Log Analytics Workspace
345 views, 2 years ago
Monitor "Debian 10" and "Windows Server 2022" VM in Log Analytics Workspace
Create Playbook to email Azure Sentinel Incident with proper HTML formatting
8K views, 2 years ago
Create Playbook to email Azure Sentinel Incident with proper HTML formatting
This is gold
I have 60 days! 😂 the Sybex book is so dry and poorly structured. You only did 15 pages per study session?
Hey there, what about the first 90 days? If you're exporting after the logs were received by sentinel, you're still paying for the first 90 days at the full analytics cost. Couldn't you use ADX as a pre-processor to filter logs you don't need in Sentinel and redirect them to blob storage? eg. trusted firewall traffic to/from trusted hosts.
So hit pause and take how much time guessing 10min max 15min exam
What is your name, how can we find you on LinkedIn?
www.linkedin.com/in/sam-panicker-934217196/
Much appreciation, you made this task easy for me. This was exactly what I needed. :)
I just wanted to circle back and like this video. I also wanted to share that I passed the CISSP.
Amazing effort champ , well done👍👍
Great video, thanks for posting
from Kerala ... :)
How do you change the release_ring for devices and what release rings are supported?
thank you, it was very helpful! Wish you all the best!
when logged in as root you don't need sudo... that looks a bit weird.
Workspace Usage Report is now moved to the Content hub.
Amazing video! Thank you so much for your insight. We need more people like you in the community!!!
I am getting the below error ExpressionEvaluationFailed. The execution of template action 'For_each_2' failed: the result of the evaluation of 'foreach' expression '@triggerBody()?['object']?['properties']?['Alerts']' is of type 'Null'. The result must be a valid array. Please help me fix this.
Hi there, same here, I had the same issue. Please, did you find any solution?
Thanks for this video, but I would like to know if we can use the same logic to archive data in custom log tables. I think data export does not support custom log tables, so how can this be achieved?
Hi, I have a question. I've created a playbook and everything seems to work except for viewing the Entities. When the mail arrives the entities are empty. I entered: <li><strong>EntityName</strong>:Entities</li> (List of entities related to the incident can contain......) but the entities displayed on Sentinel do not appear in the e-mail. How can I do this? Thank you.
Is that Excel document available to download?
Hi Gregory. Unfortunately, that is my IP, but more than happy for you to create one looking at that, thanks 👍👍
As usual, nailed it Sam!
Great tutorial. Question: can we use same on Centos and Debian?
Sure you can, the automated script works for all Linux flavours 👍👍. Also refer to the manual doc attached to understand more about Debian-specific queries
Many thanks, this saved me a lot of time.
Thank you for sharing your experience! 💯
Thanks for making this clear!
Great explanation! Thank you for sharing
good content
Hi Sir, I followed your video instructions but I'm getting the below error message, please guide me on how to fix it. ExpressionEvaluationFailed. The execution of template action 'For_each' failed: the result of the evaluation of 'foreach' expression '@triggerBody()?['object']?['properties']?['Alerts']' is of type 'Null'. The result must be a valid array.
Did you ever figure out your issue? I am getting the exact same error
@rpighin Any luck on this one?
How would we send the same incident to an event hub so that it can be ingested into a third party SIEM?
ua-cam.com/video/2KNt5P1Rx0w/v-deo.html&ab_channel=HardConceptsSimple - Please have a look at this video, I discuss event hubs in this 👍👍
Great Video - thanks
So many thanks for this video. This answers so many of the questions that I had. And of course hats off to you for staying on course. Congratulations.
Thanks Mathew 👍👍All the best with your exams
crisp simple and clear explanation
Thanks Manoj
Congratulations 👏
Thanks mate
I got tripped up because the Security Center is now known as Defender for Cloud. Otherwise, great content and thank you for the knowledge.
Thanks James, appreciate that champ
Is there a way to apply the email playbook to all analytics rules? It seems very painful to add email notifications this way to all incidents that may be generated.
There is a PowerShell script to do mass rollout. Please see this reference: techcommunity.microsoft.com/t5/microsoft-sentinel/how-to-mass-apply-a-playbook-to-all-analytic-rules-at-once/m-p/2070715
Thank you for sharing your experience, I'm one month out from the exam and 2 weeks out from my boot camp. I've been living, breathing, sleeping, eating CISSP the past two months. The nerves are starting to set in and I'm scared. The main thing is getting into the mindset; I've been trying to adopt an obsessive Kobe-like frame of mind to beat up, crush, and kill this exam so that (ISC)^2 will never be a threat ever again to me providing a better life for my wife and dogs.
All the best mate... just make sure you don't stress yourself too much because of all the expectation. Be relaxed; looks like you have been preparing for a while and everything will be all right. Good luck!!!
Great video! Is it possible to use a managed account to send emails? I mean, instead of sending emails from a personal email account (for this case it was DPM Service)
Hi Axel, thank you for watching the video. Yes, you definitely can, and it is the recommended way of doing this. I have created and used a service account to do a similar task in one of my previous videos 👍
@SecurityMadeSimple Thanks for the reply, mate. I followed the instructions like in the video for creating a Service Account and executed the Logic App, but when it comes to linking an account to send an email via Outlook, I found that it is the personal account that is sending the alert emails when the Logic App is executed. Is there a way to link this Service Principal Account to Outlook to send alerts instead of my personal Outlook account?
Thank you for this 🙏🏽
You are so welcome and thank you for watching
Really helpful and brilliant concepts, thanks for the amazing seven tips
The best guide on Sentinel I have seen so far. Thank you brother. How can I contact you via email?
Thanks Ed for those kind words. Please feel free to reach out to me on LinkedIn
They don’t declare results for entry level cybersecurity for the last year 😏
That's not good, not sure what happened there. Hope it gets resolved soon. All the best champ 👍👍
Preparing for my CISSP but I have a mental block in domain 4
All the best Ester, just keep trying. It's common for people to find this domain long and boring, but I assure you if you keep ploughing through it, things are gonna get much easier. Good luck
Thanks for sharing
My pleasure
Enjoy
Thank you so much Asish
Thanks for this. Exam tomorrow 😅
All the best champ. Good luck and let us know how you go 👍
Nice Video
Thanks Avinash
Great Video. Please make videos on different Azure Sentinel scenarios.
Very good video.
Thank you sir for recording this video and sharing your knowledge.❤
Thank you Avinash
Hi, that's fine, but how do we identify what the alert is for? And who generated this alert?
Hi Dubesto, more than I can explain, if you have a chance to generate a test alert that would be great, as the answers to your questions will be in that. So basically when you look into that alert it will tell you the rule that generated the alert, will give you an incident overview and a description to help you understand what the alert is for. Hope this helps
What would you recommend for someone with no IT experience to pass this exam?
Hi there. It's actually recommended to have at least 1-2 years of IT experience before attempting this exam. Doing CISSP in itself is of very little value until you can actually relate it to your job, so the concepts you worked so hard to master in CISSP can actually take effect. It's also easy to grasp concepts in CISSP if you can relate them to something you are already working on. There are multiple YouTube videos of people obtaining CISSP with at least 1-2 years of experience. Again, this is my personal opinion and I hope this info helps. Stay safe!!!
@SecurityMadeSimple thanks.
Like the pilot kinda sound. It makes me relax and just listen. Good guidance by the way...
That's a very interesting comment, champ. Much appreciated and thanks for that 😀😀