Microsoft Sentinel

Microsoft Sentinel is a security information and event management (SIEM) and unified data lake platform that helps you uncover and quickly respond to threats. Explore case studies, product updates, and best practices to help you secure your multicloud environment.

Refine Results

Filtered by

Clear All

Microsoft Sentinel

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Modernize your Security Operations Center with Microsoft Sentinel

Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.

Learn more
December 4, 2024

16 min read

Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage

Microsoft has observed Secret Blizzard compromising the infrastructure and backdoors of the Pakistan-based threat actor we track as Storm-0156 for espionage against the Afghanistan government and Indian Army targets.
October 31, 2024

8 min read

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks.
October 31, 2024

4 min read

Microsoft now a Leader in three major analyst reports for SIEM

Microsoft is positioned in the Leaders Category in the 2024 IDC MarketScape for worldwide SIEM for Enterprise—making it the third major analyst report in SIEM to name Microsoft as a Leader.
October 30, 2024

10 min read

Microsoft Ignite: Sessions and demos to improve your security strategy

Join us at Microsoft Ignite 2024 for sessions, keynotes, and networking aimed at giving you tools and strategies to put security first in your organization.
Retain Microsoft Security Experts

Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.

Get started
October 29, 2024

13 min read

Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors.
October 8, 2024

9 min read

File hosting services misused for identity phishing

Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox.
September 26, 2024

20 min read

Storm-0501: Ransomware attacks expanding to hybrid cloud environments

August 27, 2025 update: Storm-0501 has continuously evolved to achieve sharpened focus on cloud-based TTPs as their primary objective shifted from deploying on-premises endpoint ransomware to using cloud-based ransomware tactics.
August 30, 2024

9 min read

North Korean threat actor Citrine Sleet exploiting Chromium zero-day

Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution (RCE) in the Chromium renderer process.
Tailored AI insights from Microsoft Security Copilot

Empower your defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.

Learn more
August 28, 2024

14 min read

Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations

Between April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which we named Tickler.
August 8, 2024

15 min read

Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE

Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation.
July 29, 2024

9 min read

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption

Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them.
July 25, 2024

11 min read

Onyx Sleet uses array of malware to gather intelligence for North Korea

On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet.