This blog series is aimed at giving defense practitioners a thorough understanding of Windows access tokens for the purposes of detection engineering. Here in Part 1, we'll cover key concepts in Windows Security. The desired outcome is to help defenders understand how access tokens work in Windows environments.

As many organizations have migrated their infrastructure, applications, and data to cloud offerings, adversaries have extended their operational capabilities in cloud environments to achieve their mission — whether that means stealing intellectual property, disrupting business operations, or holding an organization’s data for ransom.

Want to know what actually goes on under the platform and behind the screens at Dashbird? We recently sat down for a Q&A with our CTO, Marek Tihkan, on leading and managing an engineering team. Today, we speak to Alex, one of the engineers on the Development team and the brain and elbow grease behind our newly launched Dashbird Atlas real-time 3D map of your entire serverless environment.

OpsRamp customer LifeSouth is a non-profit community blood bank based in Gainesville, Florida, and serving more than 100 hospitals in Alabama, Florida and Georgia. With 925 employees, LifeSouth has more than 30 donor centers, 55 blood mobiles and nearly 1,000 blood drives a month. Daniel Kerr, Configuration Management Engineer with LifeSouth Community Blood Centers, shared the current IT challenges and projects at his organization.

Microsoft announced the general availability of Windows Subsystem for Linux 2 in the Windows 10 May 2020 update, also known as version 2004. Today Microsoft announced an update for Windows 10 which brings WSL 2 back to the Windows 10 May 2019 and November 2019 updates, also known as versions 1903 and 1909, respectively.

It’s one thing to build a Kubernetes log management strategy that only needs to support Kubernetes. But most organizations don’t have that luxury. They have log management practices already in place for other types of platforms or infrastructure, and they need to extend them to support Kubernetes. How can you do that in an efficient way? Keep reading for tips on integrating Kubernetes logging data into your existing log management workflow without rebuilding from the ground up.

Monitoring and compliance are, in many ways, synonymous. At the very least, there’s a big overlap in terms of defining and monitoring rulesets you care about. The time frame may vary; with monitoring, you might jump on an alert right away, as opposed to the compliance team’s quarterly audit, but the foundation remains the same. As our development cycles grow ever more dynamic, the need for automating repetitive tasks becomes all the more important.

BugSplat users can now collect Android crashes with the Crashpad SDK. If you're supporting a cross-platform C++ application, porting a C++ application to Android, or creating a new NDK library from scratch, you can now use BugSplat to track, collect, and debug your Android crashes. This will bring the same in-depth view of crash events you get with BugSplat on other languages to your Android application.

BugSplat now supports attachments for Crashpad out of the box. Developers can include additional files with the Crashpad crash upload using the newest release of the BugSplat Crashpad SDK. This release includes updated examples that show how to include Crashpad attachments for Windows, Linux, Android, Qt Windows, and Qt Linux (but not yet for macOS). Before this change, including attachments with Crashpad out of the box was difficult.

As a leading global provider of cloud computing services with a business critical software portfolio, Microsoft is a key Splunk partner. In our mission to empower customers with data, we are delighted to share a few of the latest integrations, dashboards, and reference guides that help you extract even more value from your Microsoft environments. Here’s a peek at what we’ve been working on lately.