Hi, I'm Samik Roy, a Cloud Security Architect.

With 10+ years of experience
✔️ Helping customers implement Cloud Security at scale, primarily with Microsoft Sentinel 🛡️ 🐱‍👤
✔️ Advocating Microsoft Security education and awareness.
✔️ Love building open-source ATOM products.
📌 During my journey, I enjoy educating:
💡 FREE Udemy course with 2K+ enrollments and a 4.1 rating.
💡 Presented at 30+ Cloud Security events.
💡 10+ articles with 10K+ reads.
📌 Love building atom products:
🔼 PowerShell module for Defender for IoT raw logs.
🔼 Enrich Sentinel with Twitter TI feeds.
🔼 Latest IP ranges from Azure | GCP | AWS for Microsoft Sentinel.
Things that came along the journey:
⚡ #5 among top contributors for Microsoft Sentinel.
⚡ L5 Microsoft Sentinel Black Belt since 2022.

📍 Engaged in the design and development of applications on Azure and GCP. A veteran .NET and SharePoint developer.


My Stats

650+ Projects Completed
10+ Years of Experience
2500+ Happy Learners
100+ Reviews

Area Of Interest

Cloud | Data | Security | AI

My Timeline

2019 - present

Senior Cloud Security Architect - Ontinue

✔️ Implementing Microsoft Security at scale.
✔️ Deploying Microsoft Sentinel at day zero and migrating at scale.
✔️ Microsoft Defender rollout.
✔️ Building SOC use cases.
✔️ Deep dives into cost management.
✔️ Security and vulnerability assessment.

2023 - present

Author - KQL : A Gateway To Microsoft Sentinel

Happy to announce my first book ever, on KQL:
https://linktr.ee/kql4sentinel

2019 - present

Author - Learn KQL for Microsoft Sentinel

✔️ Learn KQL basics for Microsoft Sentinel.
✔️ Know the most used operators.
✔️ Learn to build your first query.
✔️ Learn to evaluate your KQL results.

September 2017 - February 2019

Senior Software Engineer - Trelleborg

Designed and developed apps on O365 and Azure targeted at various verticals within the organization. Ideated and developed POCs for O365 and Azure adoption, taking data security and scalability into account.

2012 - 2017

Senior Project Engineer - Wipro Technologies

✔️ Expertise in SharePoint Online, PowerShell and client-side scripting.
✔️ Interacted with customers to gather business requirements and analysed how to fit them to the Office 365 / SharePoint Online stack.
✔️ Designed a solution to push knowledge to organizational users, using a role-based concept to engage users more with the system at lower effort.
✔️ Delivered applications developed on SharePoint 2013 and SharePoint Online, and migrations from SharePoint 2007 to SharePoint 2010 and then to SharePoint Online.
✔️ Supported customers through SharePoint application troubleshooting and helped them get the most out of the product to meet the business need.
✔️ Administered the SharePoint Online environment in line with the processes defined to run the operation.
✔️ Set up SharePoint farms for dev, QA and prod environments.
✔️ Supported maintenance of SharePoint 2010 and MOSS applications.
✔️ Troubleshot user-specific issues (application or product specific) raised through the in-house ticketing tool.

2009 - 2013

Network Support Junior Executive - Telematics Global Solution

Remote monitoring and configuration of online advertising pods and mall guides. Routine checks, report preparation (daily, weekly and monthly) and troubleshooting using an online tool from Kasea.

My Portfolio

Here is some of the work I've done!

Defender for IoT PowerShell

The TOR IP List for Microsoft Sentinel

Limit access to your Office 365 apps to specific IP ranges with Named Locations

Export Twitter TI Feed to Sentinel

Refer GCP IP Ranges in KQL & Microsoft Sentinel

Power BI Activity Workbook for Microsoft Sentinel

Send Email To Create Incident in Sentinel

My Blogs

Export Twitter TI Feed to Sentinel

There are various sources from which IOCs can be derived, and Twitter is one of them. Twitter provides a list of IOCs here: https://twitter.threatintel.rocks/. This list cannot be called from KQL or a workbook directly because CORS is not enabled on it. Hence..

Limit access to your Office 365 apps to specific IP ranges with Named Locations

Most organizations moving from on-premises to Office 365 want to be conservative about the accessibility of Office 365 and the apps within it.

Update Multiple Analytics in Sentinel At Once

Utilize the export and import feature for bulk edits of Microsoft Sentinel rules. This gives additional flexibility to change rules very quickly in real time. This article is an extension of the conversation

Send Email To Create Incident in Sentinel

This post is inspired by MS Ignite 2022, where there was a new announcement about Microsoft Sentinel incident creation. The tool this article describes is an extension of the same. In an organization there may be security incidents occurring on resources where security is not yet tightened up, so an email address can act as a whistle-blower here: when a suspicious activity happens, it can be reported over email to a dedicated email address.

Reduce Noise from AAD Non Interactive SignIns

As part of the Azure Active Directory data connector in Sentinel, AADNonInteractiveUserSignInLogs is one of the data sources. Because this table logs activity that mostly needs no user intervention, any error in it is also kept as a known secret. In that process the volume of failed logs increases, the errors go unnoticed, and the environment drifts towards an unhealthy state.

The TOR IP List for Microsoft Sentinel

TOR was introduced and popularized with the aim of keeping privacy in place for users of the internet. These days that intent is often misaligned, and it is widely used to hide activities done with an improper mindset. Organizations now want to identify users who use TOR IP addresses to perform anonymous activity, and Microsoft Sentinel provides a single pane of glass for any hunting or analytical activity. The Tor Project publishes a list of exit IP addresses, and this solution makes that list available for analytics or hunting in Microsoft Sentinel; hence I have built it and published it with source code for ease of adoption. The original list is available at https://check.torproject.org/torbulkexitlist

Contact Me

Contact me here

Cloud | Data | Security

Location: Bangalore, India

Email: samik.n.roy@gmail.com

Education: Birla Institute of Technology & Science

Mobile Number: 07760772149

Languages: English