Unpopular opinion: The more I dive into Azure Sentinel, the less I'm impressed. For SMBs it's OK for commodity alarms due to the simplicity of O365 logs and others, but customized alarms, threat hunting, etc. are very difficult.

I do like KQL, but it's not even close to others.
Using Sentinel as a method for increasing coverage and effectiveness of TTPs would be difficult for an organization other than commodity attacks.
I do want to state that Microsoft is by far stepping up the game all around and very noticeably.

This isn't a gripe about anyone at all. Some amazing folks there working hard.

I'm just providing my experiences with Sentinel, and just not impressed.
What I will say is having any type of visibility into cloud infrastructure is better than the norm, which is none. Having Azure or AWS logging in a predominantly cloud org is a good thing.

Most SIEMs though have moved towards that model and have a much better way to query data.
Not just query data, but build alarms and better detections based on their own environment. That's key... Continual progression of coverage and effectiveness of attack paths within an organization is a recipe for success.
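The point above about building detections from your own environment rather than from vendor defaults is easier to see in a rule than in prose. The following is an added example, not code from the thread or from Microsoft: a Sentinel analytics query that baselines which sign-in countries each account normally uses and alerts only on a successful sign-in from a country that account has never used. It assumes the Azure AD `SigninLogs` table as ingested by the Sentinel Azure AD connector (real schema, standard columns); the 30-day lookback and the constructed country column name are assumptions you would tune to your own retention and data.

```kql
// Added example (not from the original thread): environment-baselined detection.
// Baseline: the set of countries each user has successfully signed in from
// over the past 30 days, excluding the most recent day so the window we alert
// on cannot seed its own baseline.
let lookback = 30d;
let recent = 1d;
let baseline = SigninLogs
    | where TimeGenerated between (ago(lookback) .. ago(recent))
    | where ResultType == "0"                       // successful sign-ins only
    | extend Country = tostring(LocationDetails.countryOrRegion)
    | where isnotempty(Country)
    | summarize KnownCountries = make_set(Country), BaselineSignins = count()
        by UserPrincipalName
    // Accounts with too little history give a noisy baseline; skip them.
    | where BaselineSignins >= 5;
// Detection: a successful sign-in in the last day from a country that is not
// in that user's own baseline. The alert logic is the org's data, not a
// vendor-shipped list of "bad" countries.
SigninLogs
| where TimeGenerated > ago(recent)
| where ResultType == "0"
| extend Country = tostring(LocationDetails.countryOrRegion)
| where isnotempty(Country)
| join kind=inner baseline on UserPrincipalName
| where not(set_has_element(KnownCountries, Country))
| project TimeGenerated, UserPrincipalName, Country, KnownCountries,
          IPAddress, AppDisplayName, UserAgent
| order by TimeGenerated desc
```

Scheduled as an analytics rule with a one-day frequency and lookback matching `recent`, this produces one incident per anomalous sign-in. The caveat a practitioner should keep in mind is the one the thread makes: the rule is only as good as the data feeding it, so confirm `SigninLogs` is actually populated for all tenants and that `LocationDetails` is present before trusting a quiet rule.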

More from @HackingDave

11 Mar
Last week, made a comment about how I wasn't a huge fan of Sentinel overall. Got to dive a bit deeper into it with my team over at Binary and it has definitely changed my perspective a bit.

Sentinel is not easy by any stretch but there is a lot to it.

If you have the right data going into it (which isn't easy), and you have a team behind you to build up the detections, Sentinel is extremely powerful.

With Jupyter and KQL, the foundation is super powerful to build what you need off of it.
From my comments earlier, it is a solid product. It just requires a substantial lift to get it to a point that will help you mature monitoring and detection capabilities.

Requiring a knowledgeable team is the biggest thing there.
8 Mar
Hey all, I'll be on CNBC here at 2:10PM ET-ish talking about the Hafnium / Exchange hack.

Suit on the top, gym shorts on the bottom.
Running couple mins behind, probably more like 2:20
Going live 2 mins
27 Oct 20
Looks like an in-between to OSCP and OSCE
“It is for further skill development in penetration testing and is one of the three certifications needed to earn the updated OSCE³ certification.”
30 Sep 20
Us: In network for a month without detection.

Client: Why didn't nextgen EDR pick any of this up?

Us: Detection is more than just an EDR, it requires an understanding of your network.

Client: Can you get on phone with the vendor to share all of your TTPs so they can detect?
We're working with the customer to help educate and shore up the deficiencies, but it's just rough because of the over-reliance on security tools versus baselining and doing the work for your own environment.
This also isn't just a CustomerX problem. It's a widescale industry problem in general. There is no solution out there that does the hard work of building a security program or focusing on your threat models and baselining your own infrastructure.
21 Sep 20
One thing that I’ve learned from my nutritionist / planner is to screw fad diets (keto as an example) and focus on your body. Start counting calories, and focus on primarily protein intake and balance the rest. Workout days for me 2300 calories, 200g of protein and mix fat/carbs.
If you are going to do long term fitness for life, you need something that you can sustain yourself on.

Non workout days 2100 calories.

For tough working days I stack more carbs, for less workout days, I stack less.

I count every calorie I put in my body religiously.
I was freaking out at first, I gained weight, but that is due to protein taking longer to digest and the body getting used to it. Week one gained ten pounds, week two down 8 pounds. Put on a lot of muscle and having larger gains.

Do not judge yourself on weight and adjust slowly.