BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:9bb12b03-4c2d-4031-b51a-de7441cb2b5a
DTSTAMP:20260520T150925Z
SUMMARY:(Intermediate) Azure AD Logs for the Blue Team
DESCRIPTION:Title: (Intermediate) Azure AD Logs for the Blue Team\n\nDescri
 ption:\nAs enterprises move to cloud resources like Office365 and Azure AD
  it is imperative that they proactively monitor and protect against potent
 ial threats. But these vast quantities of security data are of no value if
  you\, as a security admin\, cannot make sense of it. In this session we'l
 l explore the data that's available in Azure AD logs\, how to integrate it
  with 3rd party SIEMs and get actionable insights from it. We'll also shar
 e the best practices on consuming Azure AD logs based on our insights from
  working with large enterprises.\n\nOutline:\nUnderstanding the different 
 types of logs in Azure AD (Sign-In\, Audit\, Risk\, Application) and what
  data is in each of them. (15 mins)\nExample Conditional Access Sign-in
  Logs (2
  mins)\nExample Service Principal Log (2 mins)\nUnderstanding how to send 
 logs to SIEMs (5 mins)\nDemo Configuring Azure Monitor Event Hub to send t
 o 3rd party SIEM (2 mins)\nUnderstanding key events to look for and why (1
 0 mins)\nDemo Using Azure workbooks and Log Analytics to look for key eve
 nts (5 mins)\nQ and A (Remaining time)\n\nSpeaker(s): Mark Morowczynski\n\
 nLocation: Blue Team Vlg / Blue Team Vlg - Workshop Track 1\n\nDiscord: ht
 tps://discord.com/channels/708208267699945503/732454317658734613\n\nEvent 
 starts: 2020-08-09 15:00 (03:00 PM) PDT (UTC -07:00)\n\nEvent ends: 2020-0
 8-09 15:45 (03:45 PM) PDT (UTC -07:00)\n\nFor the most up-to-date informat
 ion\, please either visit https://info.defcon.org\, or use HackerTracker\,
  which is available for iOS and Android. This is an automated message\, an
 d this data was last modified 2020-08-03T01:06 (UTC).
URL:https://forum.defcon.org/node/234111
DTSTART:20200809T230000Z
DTEND:20200809T234501Z
LOCATION:Blue Team Vlg / Blue Team Vlg - Workshop Track 1
END:VEVENT
END:VCALENDAR
