Koos Goossens

Microsoft Cloud & Security Consultant @ Wortell

I started out as an all-round ‘generalist’ where I’ve gained many years of experience working for small businesses by configuring, migrating and troubleshooting Windows environments, private-cloud infrastructure and everything that comes with it like networking, storage and hypervisors.

But since the end of 2017 my focus has primarily shifted towards Microsoft Azure and as of late specifically Azure Security and other Microsoft Security products like Microsoft Sentinel.
Besides helping with architectural design choices, I also like to build the solution afterwards. So, I’m no stranger to ARM templates, PowerShell and Azure DevOps Pipelines.

Lately I’ve been focussing more on implementing Microsoft Sentinel and improving Security Operation Centers by helping with the development of new detections and fine-tuning, but also applying processes for automatic enrichments and investigations. So, KQL and Azure Logic Apps became two of my new best friends.

#Microsoft #Azure #Sentinel #Security #DevOps #ARM #KQL #PowerShell

Blog: https://medium.com/@koosg

My sessions

How to parse your custom data in Microsoft Sentinel?

During this session I’ll show the audience how they can develop a proper parser for their custom data coming into Microsoft Sentinel. This involves embracing the relatively new ASIM parsing normalization structure Microsoft now provides for their platform. Expect some deep-diving into KQL so that you’re able to make some sense out of those custom […]