Explore additional Microsoft cloud data sets that are often overlooked but crucial for enhanced security in this 35-minute SANS DFIR Summit 2024 talk. Delve into the limitations of standard logging for Microsoft Entra ID and O365, and discover how tools like GraphRunner exploit the Microsoft Graph API. Learn about the challenges posed by simplified post-exploitation techniques and the importance of expanded data visibility. Gain insights into detecting suspicious activities, designing effective hunts, and leveraging underutilized data sets to combat sophisticated adversaries. Walk away with a deeper understanding of GraphRunner's capabilities, awareness of advanced Graph API logging options, and strategies for creating targeted detections to identify and mitigate potential threats in your Microsoft cloud environment.
Additional Microsoft Cloud Data Sets for Enhanced Security Visibility
Overview
Syllabus
Additional Microsoft Cloud Data Sets You May Not Be Looking At But Probably Should
Taught by
SANS Digital Forensics and Incident Response
