Skip to main content

Posts

Log Analytics Workspace and Microsoft Sentinel

Log Analytics workspaces is a type of Azure service where the logs can be collected and stored for analysis and retention. Logs from various sources can be piped to the Log Analytics Workspace and it is one of the crucial components for Microsoft Sentinel. Log Analytics Workspace serves as the centralised repository for the logs. The logs are piped using connectors and agents. A retention policy can be set on Log Analytics workspace for compliance requirements. The logs are then used for analysis using Kusto Query Language (KQL). KQL helps to query, filter data to identify patterns, anomalies and potential threats in the environment. In addition to log storage, Log Analytics workspaces offers dashboards and data visualisation options using queries and metrics. Log Analytics can be integrated with Microsoft Sentinel and with Microsoft Defender for Cloud. Sentinel utilises the data stored in Log Analytics workspaces to perform analysis, threat detection, threat hunting and for incident i...
Read more
Recent posts

About Microsoft Sentinel

A Security Operations Centre is a centralised unit that monitors traffic, triage alerts, participates in incident response, perform threat hunting and often performs vulnerability assessments. The individuals who work in a SOC are often referred to as SOC analysts. When it comes to Microsoft Azure SOC, the analysts work predominantly on Microsoft Security, Compliance and identity products and solutions such as Microsoft 365, Defender for Cloud, Microsoft 365 Defender, Sentinel etc. Let's go through the top two products that are critical for a SOC. SIEM and SOAR. A SIEM or Security Information and Event Management provides a centralised management and a holistic view of all events happening in the organisation by collecting and analysing logs from different sources across. SIEM uses correlation to detect anomalies and create alerts based on the conditions. Whereas a SOAR or Security Orchestration Automation and Response helps to handle incidents efficiently and automatically by inte...
Read more

CREST CPSA Exam resources

CREST Practitioner Security Analyst (CPSA) As exam candidates, it might be quite difficult to prepare for the CREST CPSA certification exam as there is no official courseware from CREST. Though there are recommendations from CREST, it is cumbersome to go through each one for the preparation. Therefore, I have written a book on CREST CPSA, aligned with the exam syllabus, covering all knowledge groups. The book is available from Amazon as both Paperbook and eBook format.  Amazon link : https://www.amazon.com/CREST-Practitioner-Security-Analyst-CPSA-ebook/dp/B0F2YGQJQB/ Feel free to check the showcase page cpsaexam.com I am also working on a practice test based on the exam syllabus and the exam study guide. This is scheduled to be released on April 2025.  
Read more

Passed the CompTIA CloudNetX Certification

Last July 2024, I participated in the CompTIA CloudNetX Certification Beta Exam (CNX-001)and today I received my results and I passed!. As of Feb 2025, the exam is not yet available for purchase and is expected to be open by next month (Q1 2025). Comptia recommends A minimum of ten years of experience in the IT field and five years of experience in a network architect role, with experience in the hybrid cloud environment. Network+, Security+, and Cloud+ or equivalent experience. As per the exam description, The CompTIA CloudNetX certification exam will certify the successful candidate has the knowledge and skills required to: Analyze business requirements to design and configure secure network architecture for on-premises and cloud environments. Analyze requirements to design for network security, availability, Zero Trust, and identity and access management technologies. Apply and configure concepts and tools related to network monitoring and performance, automation, and scripting. Tro...
Read more

HP printer driver issue in Linux [FIX]

My HP printer was automatically detected by Ubuntu but was unable to print anything. You might also encounter issues with your HP printer connecting with Linux machine. The following solution may fix this issue. try the command hp-setup -i  This HP Linux imaging and Printing System utility will download the required drivers and install the printer successfully.
Read more

docker-compose: command not found | Kali Linux [FIX]

You might be facing issues in installing docker compose in Kali linux.   In the latest Kali linux versions, the docker-compose cannot be installed in the transitional way. However the standalone version can be installed, as mentioned in the installation guide. To download and install the Docker Compose standalone, run: sudo curl -SL https://github.com/docker/compose/releases/download/v2.32.3/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose Apply executable permissions to the standalone binary in the target path for the installation. sudo chmod +x /usr/local/bin/docker-compose Test and execute Docker Compose commands using docker-compose.
Read more

error: externally-managed-environment | pip3 install Error [FIX]

  When a package manager is managing a Python environment,it prevents pip from performing system-wide installation. You can use  --break-system-packages to bypass this protection. Add --break-system-packages at the end of pip. Eg: pip install xyz --break-system-packages
Read more