Demystifying BEC Threat Detection in Microsoft 365

Thursday, 17 Apr 2025 1:00PM EDT (17 Apr 2025 17:00 UTC)
Speaker: Lydia Graslie

When it comes to threat detection on Business Email Compromise (BEC) in Microsoft 365, a new engineer can quickly become overwhelmed- which log sources contain the events I need? Which events do I need to look for? How do I make sure I'm getting all the events I need? Finally, how do I create good detections with the events I'm getting? This webcast familiarizes new threat detection engineers with critical log sources and provides guidance on creating production-ready detections.

Learning Objectives

Understand log events related to Business Email Compromise (BEC)
Familiarization with log sources in Entra ID and Microsoft 365
Understanding and enabling mailbox auditing events
Creating and tuning detections in KQL

Login to Register

Webcast - Demystifying BEC Threat Detection in Microsoft 365

Related Content

n2c blog 340x340.png

Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming

A Visual Summary of SANS New2Cyber Summit 2025

Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2025

CLD - Blog - Why You Should Enroll in SEC488_340 x 340.jpg

February 18, 2025

Why You Should Enroll in SEC488: Cloud Security Essentials

Gain hands-on expertise, tackle real-world challenges, and build a strong foundation in cloud security.

Doing Cloud in China

This article looks at how Amazon Web Services (AWS) and Microsoft Azure have modified their services to gain entry to the cloud market space in China