Microsoft Sentinel Deployment & Log Ingestion: Ingesting Platform Logs via Diagnostic Settings
Hello Immersive Labs community, I’ve been working through the lab tasks and successfully completed tasks 1 through 6. However, I’m stuck on task 7, which asks: "A storage account has been deleted. What would be the data type of the generated log?" The task seems oddly described, and I can’t find any clear hints in the lab briefing or online resources. I’ve tried querying various data types like AzureActivity, AuditLogs, StorageBlobLogs, StorageFileLogs, and others, but none seem to fit correctly. Could anyone provide guidance or confirm which data type is actually relevant for this scenario? Are there any specific tips or resources I might be missing? Thanks in advance for your help!
Powershell Deobsfuscation Ep.7
I was working on this and got stuck with Ep.7. Appreciate if anyone can assist with this Powershell de-obfuscation. Step 1: I removed the splits accordingly and converted from hexadecimal Step 2: Next, there was another set of splits to perform and ascii conversion. Ended up with the small snip of string at the bottom with a lot of (spaces and tabs) at the beginning. Basically empty spaces before coming to this short scripts. I am not sure on how to move from here. Anyone can assist with this pls?
Your first lab level 9
What was the first level 9 lab you conquered? :). It does not matter that you will seek advice from other giants, or that you will manage to complete it on your own: share your journey with us!; to get the token or become root on that server. I start: I think that my first conquest of Lab level 9 is related to debugging ByteCode in Java (and only a few days ago!): my background is Oracle, and from years ago, so imagine how lost I was :). After loading the project into the IDE (along with the required plugin) I started debugging bit by bit... until one particular string caught my attention; it stood out from the rest!. And it was the solution :). Good luck!
