{"id":224746,"date":"2019-11-12T01:01:57","date_gmt":"2019-11-12T00:01:57","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=224746"},"modified":"2019-11-12T01:01:57","modified_gmt":"2019-11-12T00:01:57","slug":"azure-sentinel-phishing-sites-aufspren","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2019\/11\/12\/azure-sentinel-phishing-sites-aufspren\/","title":{"rendered":"Azure Sentinel: Detecting phishing sites"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\"\/>Microsoft has given Azure Sentinel ('Azure W\u00e4chter' in German) a so-called URL detonation feature. It lets administrators detect phishing sites visited by users.<\/p>\n<p><!--more--><\/p>\n<p>In enterprise environments, one might consider whether this can be accomplished with a SIEM (Security Information and Event Management) solution. Those who use Azure Sentinel for monitoring have another option.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">You can find <a href=\"https:\/\/twitter.com\/hashtag\/phishing?src=hash&amp;ref_src=twsrc%5Etfw\">#phishing<\/a> sites visited by your users by matching backwards-looking IOCs for URLs in logs. Better would be a SIEM that detonated URLs in logs and flagged them in real time. Wish your SIEM could do this? 
Your SIEM could <a href=\"https:\/\/twitter.com\/hashtag\/AzureSentinel?src=hash&amp;ref_src=twsrc%5Etfw\">#AzureSentinel<\/a><a href=\"https:\/\/t.co\/A5sn3PvOwZ\">https:\/\/t.co\/A5sn3PvOwZ<\/a> <a href=\"https:\/\/t.co\/bBCjB1e1L8\">pic.twitter.com\/bBCjB1e1L8<\/a><\/p>\n<p>\u2014 John Lambert (@JohnLaTwC) <a href=\"https:\/\/twitter.com\/JohnLaTwC\/status\/1193981065481854979?ref_src=twsrc%5Etfw\">November 11, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>  <\/p>\n<p>In the tweet above, John Lambert points to this Techcommunity article, in which Microsoft describes the new 'URL detonation' feature in Azure Sentinel. The preview has just been released. Pricing for Azure Sentinel, by the way, can be <a href=\"https:\/\/azure.microsoft.com\/en-us\/pricing\/details\/azure-sentinel\/\" target=\"_blank\" rel=\"noopener noreferrer\">found here<\/a>. Perhaps this information is of interest to some administrators in companies.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has given Azure Sentinel ('Azure W\u00e4chter' in German) a so-called URL detonation feature. 
It lets administrators detect phishing sites visited by users.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[908,426],"tags":[4338,4328],"class_list":["post-224746","post","type-post","status-publish","format-standard","hentry","category-internet","category-sicherheit","tag-internet","tag-sicherheit"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/224746","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=224746"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/224746\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=224746"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=224746"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=224746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}