About Corissa Koopmans and Mark Morowczynski:
Corissa Koopmans (@Corissalea) is part of the “Get to Production” team in the Microsoft Identity and Network Access Division, focusing on incorporating customer feedback to improve our products. She is very active in driving community contribution to AzureMonitor Log Analytics and increasing awareness of the power of log data by presenting at industry events including BSides, The Experts Conference (TEC), SPARK, & Microsoft MVP Summits.
Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was Premier Field Engineer supporting Active Directory, Active Directory Federation Services and Windows Client performance. He’s spoken at various industry events such as Black Hat, Defcon Blue TeamVillage, Blue Team Con, GrayHat, several BSides, and more. He can be frequently found on Twitter as @markmorow arguing about baseball and making sometimes funny gifs.
Azure AD SecOps - aka.ms/azureadsecops
Azure Monitor Log Analytics and KQL resources: aka.ms/KQLBlueTeam
For community contribution, please follow these prerequisites (these steps are also available at aka.ms/KQLBlueTeaml):
1.Have a GitHub account
2. Belong to the Microsoft Organization in GitHub
If you do not yet belong, click on this link: https://repos.opensource.microsoft.com/ and then select “Microsoft” to join their organization
3. Be a member of the @azure-ad-workbooks team in GitHub
If you are not yet a member, go to the Microsoft Organization in GitHub and search for the @azure-ad-workbooks team and request access for approval by owner
Sponsor's Note:
Support for the Blueprint podcast comes from the SANS Institute.
If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.
This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.
Check out the details at sansurl.com/450! Hope to see you in class!
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn