Need to know if your organization was affected by the SolarWinds (Solorigate) compromise?
Liam Cleary
CEO/Owner at SharePlicity, Microsoft MVP Alumni (17 years) and MCT (Current), Book Author, Soccer Coach
If so, then check out how to use SolarWinds Post-Compromise Hunting within Azure Sentinel.
The Microsoft Threat Intelligence Center (MSTIC) has released several new hunting and detection queries for Azure Sentinel, based on additional observations and research published by partners and the wider security community. Because Azure Sentinel collects log data from multiple sources across both on-premises and cloud environments, these queries can be run across that combined telemetry rather than against one product at a time. Note that a hunting query only returns results if the tables it reads are actually being populated, so check that the relevant data connectors are enabled before relying on an empty result. The SolarWinds post-compromise hunting workbook has also been updated to include several new sections.
You can read in-depth details here: https://techcommunity.microsoft.com/t5/azure-sentinel/solarwinds-post-compromise-hunting-with-azure-sentinel/ba-p/1995095.
You can also access any of the "hunting workbooks" from the GitHub repository: https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks.
If you want to get a more in-depth look at this attack, check out this great article provided by the Microsoft 365 Defender Research Team and the Microsoft Threat Intelligence Center (MSTIC): https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect.
Looking for some extra support and help with your Microsoft 365 Security? Then feel free to reach out :-)