Cyber Resource Center
Discover our expert guides on multi-tenant management, KQL Threat Hunting, and SOAR orchestration for Microsoft Security.
AAL1 vs AAL2 Assurance Standard: A password is no longer enough in SOC
Protecting the access of your SOC team requires absolute security. Learn the difference between the AAL1 and AAL2 (MFA) assurance standards.
AI in cyber investigation: Copilot or blind automation?
Will AI replace SOC analysts? Find out why the Copilot approach (decision support) is safer and more effective than a 100% autonomous SOAR.
AlienVault OTX: The IP address reputation algorithm
Assessing a suspicious IP address (OSINT) is crucial. Learn how the Akuity SOC algorithm and AlienVault OTX calculate risk score.
Analyze network connection failures by IP: The KQL model to copy
Brute force and password spraying attacks target your Entra ID accounts. Learn how to track them using the KQL DeviceLogonEvents table.
Brute force attacks on Azure AD: Detect, qualify and block
Brute force attacks target Microsoft Entra ID daily. Learn how to detect them and use Compromise Confirmation to block them.
Centralize Defender, Intune and Entra ID: The end of fragmented navigation
In the midst of a cyber crisis, juggling between Microsoft portals is dangerous. Find out how to centralize your SOAR evidence and actions in a single Cockpit.
Cognitive overload in SOC: How AI qualifies 50% of your false positives
Alert fatigue destroys the productivity of cyber analysts. Discover how out-of-band AI automatically qualifies background noise.
Conditional Access Policies and Compromised User Status
SOAR does not replace Zero Trust architecture, it enables it. Understand how the Confirm Compromised action triggers your Entra ID Conditional Access rules.
Cyber data sovereignty: The importance of European hosting
Storing your Microsoft crash logs outside of Europe poses a legal risk. Discover the guarantees of a SOC orchestrator based in Germany.
Decoding PowerShell obfuscation: Human analysis versus Gemini
Attackers hide their malicious code by encoding their scripts. Learn how Gemini AI instantly decodes PowerShell obfuscation.
Google Web Risk: Block phishing infrastructures
Phishing regularly bypasses your spam filters. Learn how to leverage Google Web Risk within your SOC to block these threats at the source.
How to deploy a security orchestrator without installing any agents
Learn how Akuity SOC's Zero Agent architecture eliminates deployment friction and secures your Microsoft infrastructure through API.
How to isolate a ransomware-infected workstation with Microsoft Intune
Learn how to trigger emergency network isolation of a compromised machine via Microsoft Intune and the Graph API from your SOAR console.
How to justify the ROI of your SOC using the Real Resolution Rate
The cybersecurity budget is often seen as a wasted expense. Find out how to use your SOC Dashboard to prove your ROI.
How to manage 50 Microsoft Defender tenants without multiplying tabs?
Learn how MSSPs can stop tab fatigue, reduce MTTR, and drive 50 Microsoft Defender tenants from a unified console.
How to secure your global KQL executions with Rate Limiting
Microsoft's Advanced Hunting API is powerful but subject to quotas. Find out how Akuity SOC Rate Limiting protects your MSSP tenants.
Impossible Travel on Entra ID: Analyze and react
An Impossible Travel alert isn't always a hack. Discover how Akuity SOC's JIT analysis helps qualify risk without blocking your users.
Isolate suspicious communications: KQL for ports 4444 and 8080
Hackers use non-standard network ports to exfiltrate data. Learn how to block them with the DeviceNetworkEvents table in KQL.
JIT (Just-In-Time) Analysis: Real-time identity investigation
SIEM logs are often outdated. Learn how Just-In-Time (JIT) analytics via Microsoft Graph accelerates Entra ID incident response.
M365 Phishing Purge: Delete an entire email
A phishing campaign targeting your employees? Learn how to run a global email purge (Soft-Delete) via Microsoft Graph Security.
Microsoft Secure Score: Audit your customers' posture in the blink of an eye
Managing the cyber posture of multiple clients is complex. Learn how to use the consolidated Microsoft Secure Score to audit your MSSP tenants.
Middleware and API Security: Block unauthenticated remediation
Securing the web interface (Frontend) of a SOAR is not enough. Learn how Akuity's Next.js Middleware blocks API requests without MFA AAL2 sessions.
MSSP: Why OAuth enrollment is infinitely more secure than a local agent
Learn why deploying traditional security agents is a risk for MSSPs, and how Microsoft Graph OAuth API integration solves the problem.
MTTR: The only metric that matters in the face of active compromise
Mean Time to Resolution (MTTR) is the pulse of your cyber defense. Find out why you should measure it and how to reduce it drastically with a SOAR.
NIS Directive 2: The obligation of traceability of remedial actions
The European NIS 2 directive imposes strict logging and traceability obligations. Find out how to become compliant.
Password Reset vs Session Revoke: The Vital Difference
Changing a password is not enough to stop a hacker who is already connected. Learn the technical difference between resetting and revoking Entra ID sessions.
Reverse Charge and intra-community invoicing: Simplify the management of your SOC
Managing incident-based billing and intra-community VAT (Reverse Charge) is a headache for European MSSPs. Find out how to automate it.
Secure SQL Views: Generate statistics without breaking the RLS
Calculating SaaS KPIs on a multi-tenant basis is an architectural challenge. Learn how the SECURITY INVOKER option maintains RLS in PostgreSQL.
SOC 2 Audit Logs: Why JSON is the standard
SOC 2 Type II audits require immutable traceability. Find out why accountability in JSON format has become essential for your security.
SOC dashboards: 5 essential KPIs for your Comex
Presenting your cybersecurity assessment to the Comex requires clear indicators. Discover the 5 essential SOC KPIs provided by the Akuity platform.
SOC Resolution Rate: The Mathematical Mistake All Companies Make
Showing a resolution rate of 99% in SOC is often a statistical lie. Discover the real formula for calculating the efficiency of your teams.
SOC security: Why choose TOTP over SMS (MFA)
Double authentication via SMS is vulnerable to SIM Swapping and Phishing. Find out why your SOC should use TOTP (AAL2) applications.
The Complete Guide to Microsoft Graph API Permissions for Security
Discover the Microsoft Graph API permissions essential to manage secure SOAR (Least Privilege) and automate your cyber remediation.
The dangers of MSSP shared databases (and why require RLS)
Cross-client data leakage is an MSSP's worst nightmare. Find out how PostgreSQL Row-Level Security (RLS) guarantees absolute watertightness.
The DeviceProcessEvents practical guide: Uncovering Fileless malware
Attackers use PowerShell and CMD to bypass antiviruses. Learn how to track down these Fileless malware with the KQL DeviceProcessEvents table.
The Double Cyber Discourse: How to translate logs for the Comex
In the midst of a cyber crisis, communication with management is strategic. Discover how Akuity SOC’s Double Discourse translates Defender logs for Comex.
Token Theft: The attack that bypasses Entra ID’s MFA
Double authentication is no longer enough in the face of session token theft (Token Theft). Find out how to revoke Entra ID sessions in 1 click.
Understanding the MITRE ATT&CK Kill Chain with concrete examples
Learn how to model your cyberattacks with the MITRE ATT&CK framework. Find out how Akuity SOC’s Visual Kill Chain accelerates your investigations.
Vertex AI and privacy: Why your logs don't train AI
The use of AI in cybersecurity raises privacy issues. Learn how Vertex AI and Akuity protect your Microsoft data.
What is an Indicator of Compromise (IOC) and how to exploit it?
Learn what an Indicator of Compromise (IOC) and the Pyramid of Pain are, and how to leverage OSINT to block cyberattacks.
Why inject a blocking IOC for a strict duration of 90 days?
Banning a malicious IP permanently is a strategic mistake in SOC. Find out why 90-day validity in Defender is best practice.
Why it is vital to visualize the spread of an attack chronologically
Blocking the latest security alert is not enough. Find out why finding Patient Zero via timeline analysis is essential for SOC.
Why reading JSON Defender logs is your SOC’s worst enemy
Manually parsing Microsoft Defender JSON payloads slows down your incident response. Find out how AI automates this decoding.
Why Threat Hunting KQL is time-consuming for an MSSP (and how to automate it)
Proactive investigation is vital but complex at scale. Learn how to automate Threat Hunting KQL across multiple Microsoft Defender tenants.
Why your SMB needs a Microsoft Defender SOAR (and not just a SIEM)
Discover the fundamental difference between a SIEM and a SOAR for your SME. Reduce your MTTR and automate your Microsoft incident response.