Welcome to our weekly security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we've made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we'll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you're lucky.
Introduction and Overview
Yea I know, I'm a day late! Here, take your new detection!!
New Detections
This update introduces:
Microsoft 365: SsoArtifactRevoked Failed Login
Detects when a user has failed to log in to Microsoft 365 services and the resultant error indicates the session was denied due to a bad password (either expired or recently changed). These events can also be related to conditional access policies denying a login. We have seen evidence of this activity in Business Email Compromise during our research.
- Status: Default Disabled
- Log type requirement: MS365 AD
Content & Fun Things
We'll be at SecureWorld Detroit!
Matthew Warner - Homegrown Security: How Michigan Businesses Are Navigating the Cybersecurity RapidsDrawing on his own experience helping secure businesses in the Great Lakes State, Matt explores:
- How to assess your current security maturity and identify key areas for improvement
- Avoiding the potholes of response-only and compliance-driven security approaches
- The role of automation in enhancing threat detection and response capabilities
- Insider tips on selecting technologies that satisfy both compliance and budget constraints
- How Ottawa County slashed manual log review time while meeting stringent CJIS and IRS compliance requirements
- Zingerman’s secret sauce for protecting customer data during holiday rushes without breaking the bank
This talk is ideal for IT and security leaders at Michigan businesses of all sizes looking to enhance their security capabilities without breaking the bank or burning out their teams.
Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.
Our panel provides a comprehensive overview of the current threat landscape.
Amanda Berlin
Amanda Berlin is Lead Incident Detection Engineer at Blumira, bringing nearly two decades of experience to her position. At Blumira she leads a team of incident detection engineers who are responsible for creating new detections based on threat intelligence and research for the Blumira platform. An accomplished...
More from the blog
View All PostsSecurity Detection Update – 2024-10-3
Read MoreNow Available: SIEM Cloud Connector Status Notifications
Read MoreSecurity Detection Update - 2024-9-19
Read MoreSubscribe to email updates
Stay up-to-date on what's happening at this blog and get additional content about the benefits of subscribing.