Logging & Monitoring

Collect the right signals, enrich them with context, and turn telemetry into action across Microsoft and AWS.

Overview

Logging and monitoring form the backbone of detection engineering. Strong telemetry enables identity protection,
Zero Trust enforcement, incident response, and threat hunting. This pillar focuses on OS, cloud, and network signals,
plus advanced detection rules in Microsoft Sentinel, AWS GuardDuty, and other cloud-native tools.

Completed Labs

No completed labs yet — this pillar is currently being built.

In Progress Labs

0305

Intune Monitoring — Device & User Activity

Sign-ins · audit logs · compliance states

0601

Endpoint Defender Security Policies + Monitoring

Exposure scores · threat actions

AWS-06

AWS Monitoring with CloudWatch

Metrics · alarms · event logs

Lab 08

NIDS/HIDS Alerts

Host & network intrusion detection

Lab 22

Capturing Network Traffic

Packet capture · telemetry

Lab 23

Incident Response Procedures

Log triage · escalation workflow

Lab 25

Autopsy Forensics Investigation

Artifacts · deleted file recovery

Advanced Logging & Monitoring Labs

Cloud-native detection engineering and real-time telemetry processing.

Advanced

Microsoft Entra — Audit & Sign-In Logs

Export to Sentinel · KQL queries

Advanced

Microsoft Sentinel — Custom Analytic Rule

Detect risky sign-ins · anomalies

Advanced

AWS GuardDuty — Findings Triage

Threat intel signals → response