Analyst Resources Archives - The Insecurity Matters Blog

A List of Third-Party Services to Determine Indicator Badness

When an analyst is reviewing logs from various environment sources such as Azure Active Directory, perimeter firewalls, email gateways, Amazon Web Services, endpoint protection and others, they need to check for activity from other sources to make a determination that the domain, URL, or IP address (indicator) warrants further investigation/policy action/control change based on activity... Continue reading

A Handy Reference for Windows Logon Types with Status and Substatus Codes

This list of logon types and status/substatus for Event ID 4625 comes from Microsoft documentation for threat-protection auditing, and is beneficial for analysts and people that are curious about what is going on in their PC. Logon type Logon title Description 2 Interactive A user logged on to this computer. 3 Network A user or... Continue reading