WELCOME TO CRONINITY

Application log collection to Sentinel SIEM in a Microsoft defender environment Microsoft Defender for Endpoint (MDE) is a highly capable EDR platform that, when deployed to workstations and servers, collects extensive telemetry including process creation, network connections, file activity, registry changes, authentication events, and security logs. Out of the box, it provides deep endpoint visibility, functionally similar to an enhanced, enterprise-grade Sysmon. In many cas

Threat Hunting Frameworks Threat hunting is a proactive cybersecurity discipline that requires structure, strategy, and context. Two of the most popular threat hunting frameworks are PEAK and TaHiTI, with the MITRE ATT&CK framework playing a foundational role across all threat hunting efforts. PEAK stands for Prepare, Execute, and Act with Knowledge . TaHiTI stands for Targeted Hunting Integrating Threat Intelligence . MITRE ATT&CK, while not a hunting framework per se, is a

Threat Hunting & Cyber Threat Intelligence (CTI) - Standard Operating Procedure (SOP) 1. Purpose This Standard Operating Procedure (SOP) defines the processes for integrating Cyber Threat Intelligence (CTI) into Threat Hunting missions. The objective is to ensure threat hunting activities are informed by relevant intelligence, structured investigative methodologies, and standardized intelligence collection and analysis practices. Effective integration of CTI into threat hunti

Enhanced Monitoring Overview In environments using Microsoft Defender XDR and Microsoft Sentinel, there are situations where enhanced monitoring is required beyond normal security operations. This article outlines several enhanced monitoring approaches and explains the nuances associated with each. The starting point is understanding the steady-state security monitoring model in an environment where Defender XDR and Sentinel are integrated. In this architecture, detections ar

What is yara? YARA is an open-source, cross-platform tool used by malware researchers and security analysts to identify, classify, and detect malware samples based on textual or binary patterns. Often described as a "Swiss Army knife" for threat hunting, YARA operates by matching specific rules, sets of strings and Boolean conditions, against files or running processes, enabling the identification of malware families. Yara is maintained by VirusTotal. Ways yara can be implem

Microsoft Copilot Overview Microsoft has named its Artificial intelligence (AI) product Copilot. Microsoft currently offers the following AI products. Microsoft Security Copilot is the AI product that is covered in the SC-200 exam. Copilot for Microsoft 365 : This version is designed for businesses and integrates AI into Microsoft 365 apps like Word, Excel, PowerPoint, Outlook, and OneNote. Copilot for Sales : This version helps sales teams maximize effectiveness and close

Microsoft Defender for Office365 (MDO) Think of MDO as your email security gateway, constantly scanning emails to defend against phishing, malware, and spoofing attempts. Here's how it works: Analyzing Email Sources : Evaluates the origin of emails, checking against databases of known malicious senders and infrastructure. Verifying Sender Authenticity : Confirms whether the sender's identity, brand, and domain are legitimate. For external domains, spoof intelligence ensure

Microsoft Defender for Identity (MDI) Identity Protection: Understanding and Addressing Identity-Based Threats Identity protection focuses on identifying and mitigating weaknesses and threats related to identity systems. The adage "Identity is the new perimeter" may be overused, but it accurately highlights the reality of modern cybersecurity. Threat actors target identities because they grant access to systems and sensitive information. With the growing shift to cloud-based

Demystifying the Microsoft SC-200 Certification The Microsoft SC-200 certification is designed for cybersecurity analysts and engineers who work with Microsoft's security solutions. According to Microsoft, the SC-200 course teaches professionals how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Defender for Cloud. Microsoft is a dominant player in the cybersecurity industry, offering a broad suite of security

Many Identity & Access Management frameworks are several years old, so care needs to be taken on what a mature 'Identity management' looked like in 2010 versus 2025. Gartner Identity & Access Management (IAM) Maturity Model One of the primary maturity models used for Identity and Access Management (IAM) is the Gartner IAM Maturity Model. This model evaluates IAM maturity using standard capability maturity levels—Initial, Developing, Defined, Managed, and Optimized, across key

Within the CISO MindMap, Security Operations encompasses three major domains: Threat Prevention, Threat Detection, and Incident Management. This article focuses specifically on the Threat Prevention domain and examines several maturity models that apply to key subdomains within this area. Threat Prevention Threat Prevention spans a broad range of capabilities and is heavily influenced by an organization’s operational environment and technology stack. While many subdomains hav