ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs
@cyb3rmik3.bsky.social
SecOps, DFIR & CTI 🛡 | Microsoft Security #MVP, #KQL Threat Hunting 🏹 | Father 👭/Hasbund 👫/🍷&⌚️ enthousiast/Explorer ✈️ | Views my own | blog michalos.net
👨💻 This and some further insights, I share at my latest blog: 𝐈𝐧𝐬𝐢𝐠𝐡𝐭𝐬 𝐟𝐫𝐨𝐦 𝐭𝐡𝐞 𝐭𝐫𝐞𝐧𝐜𝐡𝐞𝐬: 𝐛𝐮𝐢𝐥𝐝𝐢𝐧𝐠 𝐚𝐮𝐝𝐢𝐭 𝐜𝐚𝐩𝐚𝐜𝐢𝐭𝐲 𝐟𝐨𝐫 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐒𝐞𝐧𝐭𝐢𝐧𝐞𝐥 & 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐗𝐃𝐑 🔗 www.michalos.net/2025/06/20/i...
[3/3]
[3/3]
Insights from the trenches: building audit capacity for Microsoft Sentinel & Defender XDR
Introduction Build and document your RBAC Protect the Log Analytics Workspace Monitor for tampering behavior Looking into Defender’s Audit Things to take into consideration Audit retention Ad…
www.michalos.net
July 9, 2025 at 5:31 AM
👨💻 This and some further insights, I share at my latest blog: 𝐈𝐧𝐬𝐢𝐠𝐡𝐭𝐬 𝐟𝐫𝐨𝐦 𝐭𝐡𝐞 𝐭𝐫𝐞𝐧𝐜𝐡𝐞𝐬: 𝐛𝐮𝐢𝐥𝐝𝐢𝐧𝐠 𝐚𝐮𝐝𝐢𝐭 𝐜𝐚𝐩𝐚𝐜𝐢𝐭𝐲 𝐟𝐨𝐫 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐒𝐞𝐧𝐭𝐢𝐧𝐞𝐥 & 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐗𝐃𝐑 🔗 www.michalos.net/2025/06/20/i...
[3/3]
[3/3]
📄 Documenting and streamlining your roles and responsibilities could be a headache to start, but definitely helps managing and onboarding colleagues while following the principles of 𝐒𝐞𝐩𝐚𝐫𝐚𝐭𝐢𝐨𝐧 𝐨𝐟 𝐃𝐮𝐭𝐢𝐞𝐬 (𝐒𝐨𝐃), 𝐙𝐞𝐫𝐨 𝐓𝐫𝐮𝐬𝐭 and 𝐋𝐞𝐚𝐬𝐭 𝐏𝐫𝐢𝐯𝐢𝐥𝐞𝐠𝐞.
[2/3]
[2/3]
July 9, 2025 at 5:31 AM
📄 Documenting and streamlining your roles and responsibilities could be a headache to start, but definitely helps managing and onboarding colleagues while following the principles of 𝐒𝐞𝐩𝐚𝐫𝐚𝐭𝐢𝐨𝐧 𝐨𝐟 𝐃𝐮𝐭𝐢𝐞𝐬 (𝐒𝐨𝐃), 𝐙𝐞𝐫𝐨 𝐓𝐫𝐮𝐬𝐭 and 𝐋𝐞𝐚𝐬𝐭 𝐏𝐫𝐢𝐯𝐢𝐥𝐞𝐠𝐞.
[2/3]
[2/3]
➡️ First part of my blog elaborating MDVM add-on (www.michalos.net/2024/10/20/m...)
➡️ Second part of my blog elaborating MDVM add-on (www.michalos.net/2024/12/04/m...)
➡️ Some #KQL queries for MDVM (github.com/cyb3rmik3/KQ...)
[Part 3/3]
➡️ Second part of my blog elaborating MDVM add-on (www.michalos.net/2024/12/04/m...)
➡️ Some #KQL queries for MDVM (github.com/cyb3rmik3/KQ...)
[Part 3/3]
Microsoft Defender Vulnerability Management, exploring the add-on superpowers (part 1)
Introduction MDVM licensing Browser extensions assessment Network share analysis Block vulnerable applications Closing remarks Introduction Microsoft Defender Vulnerability Management (MDVM) has co…
www.michalos.net
June 26, 2025 at 11:04 AM
➡️ First part of my blog elaborating MDVM add-on (www.michalos.net/2024/10/20/m...)
➡️ Second part of my blog elaborating MDVM add-on (www.michalos.net/2024/12/04/m...)
➡️ Some #KQL queries for MDVM (github.com/cyb3rmik3/KQ...)
[Part 3/3]
➡️ Second part of my blog elaborating MDVM add-on (www.michalos.net/2024/12/04/m...)
➡️ Some #KQL queries for MDVM (github.com/cyb3rmik3/KQ...)
[Part 3/3]
where I elaborated the benefits of using the premium capabilities of MDVM including Browser Extensions, Digital Certificates, Network Shares and Hardware & Firmware.
If you missed it, check below:
➡️ The slides (github.com/cyb3rmik3/pr...)
[Part 2/3]
If you missed it, check below:
➡️ The slides (github.com/cyb3rmik3/pr...)
[Part 2/3]
presentations/202506-m365scug at main · cyb3rmik3/presentations
A repository for notes and references of presentations. - cyb3rmik3/presentations
github.com
June 26, 2025 at 11:04 AM
where I elaborated the benefits of using the premium capabilities of MDVM including Browser Extensions, Digital Certificates, Network Shares and Hardware & Firmware.
If you missed it, check below:
➡️ The slides (github.com/cyb3rmik3/pr...)
[Part 2/3]
If you missed it, check below:
➡️ The slides (github.com/cyb3rmik3/pr...)
[Part 2/3]
Registration is now open and you can choose to join us in person or participate online from anywhere in the world. Don’t miss it!
🔗 kustocon.com/130-2/
(2/2)
🔗 kustocon.com/130-2/
(2/2)
Registration | KustoCon
kustocon.com
June 5, 2025 at 8:37 AM
Registration is now open and you can choose to join us in person or participate online from anywhere in the world. Don’t miss it!
🔗 kustocon.com/130-2/
(2/2)
🔗 kustocon.com/130-2/
(2/2)