Maarten Goet

824 Followers


Published in Wortell · Aug 28, 2020

Microsoft Threat Protection ‘Jupyter notebook’ #AdvancedHunting sample

TL;DR — I’ve created a Microsoft Threat Protection advanced hunting Jupyter notebook and shared it on my GitHub repository: https://github.com/maartengoet/notebooks/blob/master/mtp_hunting.ipynb

Microsoft Threat Protection

Microsoft Threat Protection unifies pre- and post-breach enterprise defenses and natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection…

Hunting

4 min read



Published in Wortell · Feb 27, 2020

Defender ATP & Linux: trusting Microsoft to protect your open-source workloads

Microsoft’s Defender ATP has been a big success. The EDR-based solution for endpoints is taking the market by storm and organizations are often using the renewal dates of their current solution to move to Microsoft’s E5 licensing package to enjoy the benefits of behavioral endpoint analysis and protection. While Microsoft…

Azure

6 min read



Published in Wortell · Feb 24, 2020

Microsoft Threat Protection: going down the rabbit hole

Recently, Microsoft announced the general availability of Microsoft Threat Protection (MTP). The new over-arching solution combines signals from Microsoft Defender ATP (endpoints), Office 365 ATP (email), Azure ATP (identity) and Microsoft Cloud App Security (apps) into one central portal. Microsoft Threat Protection can automatically block attacks and eliminate their persistence…

Microsoft Azure

6 min read



Published in Wortell · Feb 20, 2020

Honeypot for CVE-2020-0618 aka SQL Reporting Services vulnerability

Organizations can use so-called Threat Intelligence feeds to purchase lists of IP addresses of potentially malicious actors. Commercial parties like FireEye offer them at steep prices, but you could also look at freely available ones through, for instance, MISP. These lists consist of millions of IP addresses where at…

Azure

5 min read



Published in Wortell · Jan 16, 2020

Detecting CVE-2020-0601 and other attempts to exploit known vulnerabilities using Azure Sentinel

Yesterday, Microsoft released a security update for Windows which includes a fix for a dangerous bug that would allow an attacker to spoof a certificate, making it look like it came from a trusted source. The vulnerability (CVE-2020-0601) was reported to Microsoft by the NSA. The root cause of…

Azure

4 min read



Dec 9, 2019

Maarten Goet: speaker profile

I’ve been publicly speaking at various tech conferences around the world since 2006. First at local conferences such as Microsoft Technet Live (~100 visitors) and in recent years I’ve been fortunate to have the opportunity to speak at flagship events such as Microsoft Ignite (~26.000 visitors). Some speaking opportunities you…

5 min read



Published in Wortell · Dec 6, 2019

Azure Sentinel: advanced multistage attack detection — real machine learning for the real world

Microsoft is touting that they are offering machine learning as part of Azure Sentinel, something they call Azure Sentinel FUSION. I’ve written about it before here, and since general availability of Azure Sentinel it is enabled by default. You could easily be tricked into thinking that FUSION is marketing bingo…

Machine Learning

6 min read



Published in Wortell · Oct 7, 2019

Azure Sentinel: designing access and authorizations that meet the enterprise needs

You’ve successfully deployed Azure Sentinel and are collecting data and using it for monitoring and hunting purposes. …

Azure

7 min read



Published in Wortell · Sep 30, 2019

Azure Sentinel: automating your Use Cases with PowerShell and the #AzSentinel module

Over the past few weeks we’ve seen immense interest in Azure Sentinel. Companies, big and small, are looking at Azure Sentinel for multiple reasons, for instance: being burned out from running their own complex SIEM infrastructures, the easy integration with Azure and Office 365 data that Sentinel provides, etc. We’ve been…

Azure

4 min read



Sep 30, 2019

Visual Studio Code — the swiss army knife for threat hunting with Azure Sentinel

Jupyter is a great platform for threat hunting where you can work with data in-context and natively connect to Azure Sentinel using Kqlmagic, but adding Visual Studio Code to the mix will give you even more superpowers! When working with Visual Studio Code and Jupyter you get intellisense, debugging, a…

Azure

6 min read



Microsoft MVP and Microsoft Regional Director.
