
Threat Hunting on SQL Server with Azure Sentinel

For years, Microsoft SQL Server has served as a backbone of critical applications for enterprises. Because of the critical data stored in SQL Server databases, it has always been a point of interest for internal or external adversaries and one of the primary targets for exploitation.

It is important to monitor all your SQL database instances and servers for any sign of threats.

Last week I posted a detailed blog post on Monitoring SQL Server with Azure Sentinel on the official Microsoft Azure Sentinel blog. The blog talks about how to ingest logs from SQL Servers running on VMs, parse the logs into a readable format, and then run various hunting queries and create alerts.

You can read the detailed post here.

The parser and hunting queries are also uploaded to the Azure Sentinel GitHub repo.




Join me at Microsoft 360 Security Conclave

I’ll be speaking at Microsoft 360 Security Conclave on Integrated Cyber Threat Management later this week. We’ll talk about how modern cyber threats leverage the power of the cloud to launch multi-staged attacks, and how having end-to-end visibility of the attack indicators across Identity, Endpoint, Apps and Infrastructure helps early detection and remediation.

If you are attending this event, please do stop by and say hi.

There are some other distinguished speakers lined up for you from industry and Microsoft engineering.

See you there.

Iftekhar




Speaking at ET CIO virtual event.



My Session at Economic Times–Microsoft Security 360 Conclave

ETCISO.in and Microsoft organized a one-day conclave to enable CISOs to enhance their security stance in the era of flux and transformation. The conclave served as a platform for top CISOs and security experts to deliberate on the latest opportunities, challenges and trends in the enterprise cybersecurity space.

It was really speaking at this event on “Top Security Myth busters”, which was all about various myths within the security community and in organizations about their internal cyber security, and comparing them with things happening in reality. This session also had some demos of some of Microsoft’s investments in threat detection capabilities and remediation across Email Security, Endpoint Security and Identity protection.

If you happened to attend this event in person, I really hope you liked it.

If you couldn’t attend it in person, the sessions were streamed LIVE and are now available On-Demand below.

My Session starts at ~ 4:28:00

Cheers,

Iftekhar