Blog · Labs · Case Studies

Technical notes, lab builds, investigations, and lessons learned from identity, cloud security, Microsoft Sentinel, PowerShell automation, and blue-team projects.


Latest

Building a Cloud SIEM Honeypot, Part 1: Watching the Internet Find a Windows VM

I exposed a Windows VM to the public internet, wired it into Microsoft Sentinel, and analyzed 26,066 failed logons from 253 source IPs. This writeup focuses on telemetry, detections, attacker behavior, and the assumptions the data challenged.
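The honeypot post works from Sentinel telemetry; as an added example (not code from the post), the PowerShell below does the first cut of the same analysis directly on the VM's Security log: it flattens Windows 4625 (failed logon) events into records, groups them by source IP, and flags any source that crosses a failure threshold. The threshold value and the sample records are assumptions, and the sample data is constructed so the summary runs offline.

```powershell
# Added example: summarise Security log 4625 events by source IP and flag noisy sources.
# Assumptions: a local Security log read with Get-WinEvent, and a 20-failure threshold.

function ConvertFrom-FailedLogonEvent {
    param([Parameter(ValueFromPipeline)] $Event)
    process {
        # Pull the named EventData fields out of the event XML
        $data = @{}
        foreach ($d in ([xml]$Event.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            TimeCreated = $Event.TimeCreated
            IpAddress   = $data['IpAddress']
            TargetUser  = $data['TargetUserName']
            LogonType   = $data['LogonType']
            Status      = $data['Status']
        }
    }
}

function Get-FailedLogonSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Records,   # objects with IpAddress, TargetUser, TimeCreated
        [int] $Threshold = 20                          # failures per IP before the source is flagged
    )
    $Records |
        Where-Object { $_.IpAddress -and $_.IpAddress -ne '-' } |   # '-' means no network source (console/local)
        Group-Object IpAddress |
        ForEach-Object {
            $times = $_.Group.TimeCreated | Sort-Object
            [pscustomobject]@{
                IpAddress = $_.Name
                Failures  = $_.Count
                Usernames = ($_.Group.TargetUser | Sort-Object -Unique) -join ','
                FirstSeen = $times[0]
                LastSeen  = $times[-1]
                Flagged   = $_.Count -ge $Threshold
            }
        } | Sort-Object Failures -Descending
}

# Live use on the VM (elevated session required):
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} |
#     ConvertFrom-FailedLogonEvent | Get-FailedLogonSummary -Threshold 20 | Format-Table -AutoSize

# Constructed sample records so the summary runs offline (not real honeypot data)
$sample = @(1..25 | ForEach-Object {
    [pscustomobject]@{ TimeCreated = (Get-Date).AddMinutes(-$_); IpAddress = '203.0.113.10'; TargetUser = ('administrator','admin')[$_ % 2] }
})
$sample += [pscustomobject]@{ TimeCreated = Get-Date; IpAddress = '198.51.100.7'; TargetUser = 'user1' }
$sample += [pscustomobject]@{ TimeCreated = Get-Date; IpAddress = '-';            TargetUser = 'localuser' }

Get-FailedLogonSummary -Records $sample -Threshold 20 | Format-Table -AutoSize
```

Two details matter when turning this into a detection: the `-` source address is a local or console failure and must not be counted as an internet source, and the `Usernames` column is often more telling than the count, since a spray over many usernames from one IP looks different from one user mistyping a password.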

Building an Active Directory Home Lab: Part 1

Setting up a complete Active Directory environment with VMware Workstation Pro and Windows Server, covering the network configuration and the first domain controller.

Building an Active Directory Home Lab: Part 2

Continuation of the Active Directory home lab series, covering a more realistic internal structure with organizational units, bulk user creation, and security groups for the fictional Secora environment.

Active Directory PowerShell Script Collection

A companion script collection for the AD lab series, including bulk user creation, inactive-user cleanup, ACL/security auditing, authentication-event review, system health reporting, secure backup auditing, and endpoint hardening.
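As an added example of the inactive-user cleanup the collection covers (this is not one of the post's own scripts), the PowerShell below reports enabled accounts that have not authenticated for a given number of days and then disables them as a separate, explicit step. The OU path under a `secora.local` domain and the exclusion patterns are assumptions to adjust for your lab; the script needs the ActiveDirectory module (RSAT) and rights to read and modify the user objects.

```powershell
# Added example: report, then optionally disable, AD users inactive for N days.
# Assumptions: ActiveDirectory module available, OU=Users,DC=secora,DC=local exists,
# and accounts matching svc-* or krbtgt are to be excluded.

Import-Module ActiveDirectory

function Get-InactiveAdUser {
    param(
        [int]      $Days           = 90,
        [string]   $SearchBase     = 'OU=Users,DC=secora,DC=local',   # assumed OU
        [string[]] $ExcludePattern = @('svc-*', 'krbtgt')              # service/built-in accounts to skip
    )
    $cutoff = (Get-Date).AddDays(-$Days)

    # LastLogonDate is derived from the replicated lastLogonTimestamp, which can lag
    # real activity by up to ~14 days. Fine for a 90-day review, wrong for "who logged on yesterday".
    Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
        -Properties LastLogonDate, WhenCreated, PasswordLastSet |
        Where-Object {
            $u = $_
            $excluded = ($ExcludePattern | Where-Object { $u.SamAccountName -like $_ }) -ne $null
            # Accounts that have never logged on count only if they were created before the cutoff
            $stale = if ($u.LastLogonDate) { $u.LastLogonDate -lt $cutoff } else { $u.WhenCreated -lt $cutoff }
            (-not $excluded) -and $stale
        } |
        Select-Object SamAccountName, DistinguishedName, LastLogonDate, WhenCreated, PasswordLastSet
}

# Step 1: report. Keep the CSV; it is the evidence for what was changed and why.
$inactive = Get-InactiveAdUser -Days 90
$inactive | Export-Csv -Path ".\inactive-users-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
$inactive | Format-Table SamAccountName, LastLogonDate, WhenCreated -AutoSize

# Step 2: disable, never delete, so a wrongly flagged account can be re-enabled.
# Run with -WhatIf first; remove it only after the CSV has been reviewed.
$inactive | ForEach-Object {
    Disable-ADAccount -Identity $_.DistinguishedName -WhatIf
    Set-ADUser -Identity $_.DistinguishedName `
        -Description "Disabled $(Get-Date -Format yyyy-MM-dd): inactive > 90 days" -WhatIf
}
```

Scoping with `-SearchBase` keeps the query away from OUs holding service or admin accounts, and the exclusion list covers the ones that live alongside users anyway; both are cheaper than restoring an account that a cleanup script disabled at 02:00.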

Turning Microsoft Sentinel Alerts into Analyst-Ready Incidents with AI

Planned follow-up covering Logic Apps, Sentinel incidents, alert enrichment, MITRE mapping, and automated triage summaries.