Disable Microsoft Defender – Detection
This was simple detection where Microsoft Defender services were blocked and events were observed. Detection queries for the same are present at the end. Windows Defender alerts yo
Sysmon Playbook Event ID 15
When a file is downloaded from the internet it is saved to the local system. File streams are recorded by this event id when the file is being downloaded mostly from web browser. A
What is SIEM and it’s functionality
SIEM is a tool that collects, aggregates, normalizes the data and analyses it according to pre-set rules and presents the data in human readable format. The video below talks in de
What is Security Operations Center (SOC)
A Security Operation Center (SOC) is a centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization&#
