OrangeCon

Parthiban R

Parthiban works as a Sr. Threat Intelligence Analyst at Atlassian, with around 10 years of experience in the cybersecurity domain, and holds a Master's degree in Information Security & Cyber Forensics. Previously he worked as a Threat Researcher at Anomali as part of the Threat Research Team, where he was responsible for researching and tracking threat actors, writing threat intel blogs, and analyzing actor infrastructure. He also worked as an Incident Handler at Symantec and Microsoft, handling various security incidents and attacks on Fortune 500 companies. Outside of work he enjoys traveling and exploring different cuisines.


Session

09-05
15:00
20min
Graph API Mastery - Logs to Real World Attacks
Shiva P, Parthiban R

In this presentation, we will explore the potential of Microsoft Graph API logs, focusing on their use for enhancing security, insights, and real-world attack scenarios within M365 environments. We begin by detailing the process of obtaining logs. We'll talk about the fields that are critical for monitoring and analysis, the fields that can be correlated, and useful KQL functions that help. A comparison of delegated vs. application permissions will help attendees understand their distinct attack use cases and best practices.

The discussion will move to common attack patterns using Graph API, offering strategies for threat hunting and detection. Real-world stories from the frontlines will illustrate how organizations have successfully utilized Graph API to mitigate security incidents. We will also highlight significant contributions from researchers and authors who've done great research in this field. The presentation will conclude with a summary of best practices and actionable insights for leveraging Microsoft Graph API logs to their fullest potential. This session aims to equip security professionals with the knowledge to effectively use Microsoft Graph API logs.

Track 2
Second track