Demystifying BEC Threat Detection in Microsoft 365
When it comes to threat detection on Business Email Compromise (BEC) in Microsoft 365, a new engineer can quickly become overwhelmed: Which log sources contain the events I need? Which events do I need to look for? How do I make sure I'm getting all the events I need? Finally, how do I create good detections with the events I'm getting? This webcast familiarizes new threat detection engineers with critical log sources and provides guidance on creating production-ready detections.
Learning Objectives
- Understand log events related to Business Email Compromise (BEC)
- Become familiar with log sources in Entra ID and Microsoft 365
- Understand and enable mailbox auditing events
- Create and tune detections in KQL
Relevant Government Agencies
Other Federal Agencies, Federal Government, State & Local Government
Event Type
Webcast
When
Thu, Apr 17, 2025, 1:00pm ET
Cost
Complimentary: $ 0.00
Organizer
SANS Institute