The hottest Incident Response Substack posts right now

And their main takeaways
Rod’s Blog 39 implied HN points 07 Feb 24
  1. Use Microsoft Sentinel to detect and respond to multiple Teams deletion events in your organization.
  2. Collect Teams activity logs in Microsoft Sentinel to monitor data and detect security risks.
  3. Write custom analytics rules in Microsoft Sentinel to generate alerts for suspicious activities, such as multiple Teams deletion by a single user.
Musings about WebPKI and Public Trust 8 HN points 15 Mar 24
  1. Certificate Authorities can face incidents like misissuance or non-issuance, with misissuances often caused by human error or software bugs.
  2. The Baseline Requirements set by the CA/B Forum provide rules for dealing with certificate misissuances, including the timeline for revocation.
  3. Entrust's recent incident highlights a misissuance dilemma, where they continued misissuing certificates and refused to follow the proper revocation process, impacting thousands of Extended Validation certificates.
Rod’s Blog 119 implied HN points 27 Sep 23
  1. SQL injection attacks exploit vulnerabilities in web applications to access sensitive data.
  2. Microsoft Sentinel uses advanced analytics rules and integrates with Defender for SQL to detect and respond to SQL injection attacks effectively.
  3. Organizations can benefit from automated incident response, threat hunting, and incident investigation capabilities in Microsoft Sentinel to mitigate the impact of SQL injection attacks.
Rod’s Blog 99 implied HN points 20 Sep 23
  1. Malware attacks can result in data breaches, financial losses, and damage to an organization's reputation, underscoring the importance of robust security measures and tools like Microsoft Sentinel.
  2. Microsoft Sentinel offers customizable anomaly detection and User and Entity Behavior Analytics (UEBA) anomalies to identify and respond to potential threats effectively without complex tuning.
  3. Threat intelligence integration, data connectors, and built-in analytics rule templates in Microsoft Sentinel help organizations import, centralize, and leverage threat indicators to proactively detect and respond to malware attacks.
ussphoenix 14 implied HN points 05 Feb 24
  1. Moving Target Defense (MTD) can prevent successful attacks by introducing dynamic configurations and variability.
  2. MTD reduces false positives by making it harder for automated scanning tools to generate consistent patterns.
  3. MTD shifts security from reactive to proactive by constantly changing the attack surface and reducing the need for continuous detection.
Rod’s Blog 59 implied HN points 04 Oct 23
  1. Drive-by download attacks exploit vulnerabilities to download malicious code without user knowledge. They can lead to data breaches and install malware.
  2. Mitigation strategies include user education, enforcing security policies, monitoring network traffic, and using SIEM services like Microsoft Sentinel.
  3. Microsoft Sentinel can help detect drive-by download attacks by collecting relevant data, enriching it, analyzing with rules and ML, visualizing results, and automating incident response.
Rod’s Blog 59 implied HN points 29 Sep 23
  1. Man-in-the-Middle attacks are serious cyber threats that can lead to data breaches and financial loss for organizations.
  2. Microsoft Sentinel is a powerful tool that leverages AI, machine learning, and integration with Microsoft Defender for Endpoint to detect and mitigate Man-in-the-Middle attacks effectively.
  3. Implementing best practices such as using secure communication protocols, regular system updates, multi-factor authentication, and employee training can further enhance network security against Man-in-the-Middle attacks.
Seriously Risky Business 0 implied HN points 15 Jun 23
  1. IC reform is important, but decent privacy laws are even more crucial.
  2. The US Intelligence Community needs better policies to protect citizens' privacy and civil liberties regarding Commercially Available Information (CAI).
  3. The focus on improving IC behavior regarding CAI should also extend to federal data privacy legislation to prevent data misuse by law enforcement and foreign adversaries.
Risky Business News 0 implied HN points 19 Jan 24
  1. Congress is considering making the CSRB permanent and more independent and transparent for cybersecurity issues.
  2. Various cybersecurity incidents occurred, such as DDoS attacks in Switzerland and cyberattacks on companies like Kyivstar.
  3. Important developments include new Samsung phones promising 7 years of security updates and Google updating Chrome Incognito Mode text.
Rod’s Blog 0 implied HN points 23 Jan 23
  1. Utilize the Microsoft Sentinel Training Lab to enable a demo environment with sample alerts for testing incidents.
  2. Leverage tools like Red Canary's Atomic Red Team and AppLocker Bypass for reproducible security tests mapped to the MITRE ATT&CK framework.
  3. Experiment with generating incidents through actions like cloud shell execution, simulating brute force attacks, utilizing Microsoft Cloud App Security, and creating custom detections in Defender for Endpoint.
Certo Modo 0 implied HN points 22 Jun 23
  1. The parallel distributed shell is a CLI tool helpful for troubleshooting in large-scale systems.
  2. It allows engineers to simultaneously run commands on multiple hosts, offering a 'break-glass' solution.
  3. Various options exist like dsh, pdsh, hyper-shell, and AWS Run Command for managing infrastructure when traditional methods fail.
Certo Modo 0 implied HN points 20 Apr 23
  1. Alerting in incident management notifies the team to respond to production problems promptly based on severity levels.
  2. When setting up alerting mechanisms, consider categorizing alerts into pages for emergencies, tickets for best effort during business hours, and logs that require no response.
  3. Craft actionable alerts by enriching them with context like graphs, log entries, and links to runbooks. Test new alerts thoroughly before directing them to the on-call team.
Seriously Risky Business 0 implied HN points 16 Mar 23
  1. The RESTRICT Act is bipartisan legislation aimed at enhancing the US government's ability to address threats from foreign technology companies.
  2. Governments such as Australia's pass laws covering cyber incidents, but these can be controversial due to potential overreach.
  3. Global efforts are being made to combat cybersecurity threats, such as the CISA's Ransomware Vulnerability Warning Pilot program.