Welcome

The Cloud Threat Hunting Field Manual: Azure is your essential companion for mastering proactive cybersecurity strategies within Microsoft's cloud platform.

Whether you're new to cloud security or an experienced practitioner, this guide equips you with the knowledge and skills needed to safeguard Azure deployments against evolving cyber threats.

Jump Right In

Learn how to setup a free-tier Azure Account.

Learn the fundamentals of Azure environments.

Learn how to interact with Azure resources via the Azure CLI

Learn Kusto Query Language (KQL) in order to hunt via Azure Logs

Learn the fundamentals of PowerShell. Obtain a solid understanding of the Azure PowerShell Module and Microsoft Graph Module.

Learn core service logging and their associated schemas.

Gain insights into log retention and storage.

Learn fundamentals of threat hunting.

Gain insights into industry frameworks such as MITRE Att&ck.

References to Microsoft for Defender XDR and Incident Response.

Links and references to Azure security research, Azure CVEs and Azure Goat.

Learn Defender XDR and how to leverage it with Microsoft Defender products.

Azure SIEM/SOAR solution utilized for hunting and incident response.

References of each Defender product available.

Learn how to effectively manage devices.

Learn the fundamentals of Windows host security and related security tooling.

Learn tools and techniques to emulate an adversary to identify logging gaps, build detections, and more.

Learn the fundamentals of automation and Logic Apps.

Learn how to create packet captures within Azure as well as learn basic network protocol analysis. Wireshark, TShark, and Tcpdump Cheatsheets included.

Build practical skills with a detection lab powered by Azure Monitor and KQL to identify real-world threats.