OrangeCon

Shiva P

Shiva is currently working as a Sr. Security Researcher at DART, Microsoft.

With a background in engineering and operational security, he has over nine years of experience working in various parts of security operations, specializing in Threat Hunting, Incident Response, Detection Engineering and helping build SOCs from the ground up.

Apart from work, he loves trekking and is an avid gamer.


Session

09-05
15:00
20min
Graph API Mastery - Logs to Real World Attacks
Shiva P, Parthiban R

In this presentation, we will explore the potential of Microsoft Graph API logs, focusing on their use for enhancing security and insights, and on real-world attack scenarios within M365 environments. We begin by detailing the process of obtaining the logs. We will then cover the fields that are critical for monitoring and analysis, the fields that can be correlated across logs, and the KQL functions that help with this. We will also compare delegated and application permissions so that attendees understand their distinct attack use cases and the best practices for each.

The discussion will move to common attack patterns using Graph API, offering strategies for threat hunting and detection. Real-world stories from the frontlines will illustrate how organizations have successfully used Graph API logs to mitigate security incidents. We will also highlight significant contributions from researchers and authors who have done great work in this field. The presentation will conclude with a summary of best practices and actionable insights for leveraging Microsoft Graph API logs to their fullest potential. This session aims to equip security professionals with the knowledge to use Microsoft Graph API logs effectively.

Track 2