Malware Analysis – Shortcuts in zip file

Recently, we encountered two distinct variants of a payload delivered through Google Drive, both containing a malicious shortcut. While these threats were successfully mitigated, it’s crucial to understand their mechanisms and implement protective measures. In this blog, we’ll dissect these threats and explore strategies for defending against them. Threat Analysis: The malicious shortcuts in the …

SOAR: Block Log Analytics IP Entities on Azure Frontdoor / WAF #2

Use this function and logic app to block, via a custom rule, abusive IP addresses that hit a certain block limit on Azure WAF / Frontdoor, leveraging Log Analytics alerts. This greatly improves security for your origins, as threat actors won’t be able to scan indefinitely (or until the rate limit is reached) for vulnerabilities. In …

SOAR: Block Sentinel IP Entities on Azure Frontdoor / WAF

Please read blog 2 instead: using Log Analytics is more cost effective and doesn’t have a 10-entity limit. https://potsolutions.nl/2023/05/20/block-sentinel-log-analytics-entities-on-azure-waf-2/ Update 2025.02.22 – Just released blog 3: SOAR: Block Log Analytics IP Entities on Azure Frontdoor / WAF #3 – Prof-IT. Azure Frontdoor is a powerful tool for managing web traffic, but it doesn’t always …