Koos Goossens

Microsoft Security MVP | Cloud & Security Consultant @ Wortell

Maurik, The Netherlands

Koos began his career as a versatile "generalist," gaining extensive experience working with small businesses to configure, migrate, and troubleshoot Windows environments, private-cloud infrastructures, and all related components, including networking, storage, and hypervisors.

Since late 2017, his focus has shifted primarily to Microsoft Azure, specializing in Azure Security and Microsoft Security products, such as Microsoft Sentinel and Defender XDR. While he excels in making architectural design decisions, he also values hands-on expertise, leveraging tools like ARM templates, PowerShell, Git, and Azure DevOps Pipelines to build and implement solutions effectively.

In recent years, Koos has concentrated on enhancing Security Operations Centers by implementing Microsoft Sentinel, developing advanced detections, integrating diverse log sources, and automating processes for enrichment and investigation. His work heavily relies on KQL and Azure Logic Apps, which have become key tools in his projects.

Passionate about sharing his knowledge, Koos documents his challenges and solutions in articles on Medium [aka.ms/koos], hosts the monthly podcast "everyday df3ndr" [df3ndr.io], and speaks at industry events. His contributions to the community were recognized in 2023, when Microsoft awarded him the MVP title in both the Cloud Security and the SIEM & XDR categories.

#Microsoft #Security #MVP #Azure #Sentinel #Defender #DevOps #ARM #KQL #PowerShell #Logstash

Area of Expertise

  • Information & Communications Technology

Topics

  • Microsoft Azure
  • Microsoft Sentinel
  • Microsoft 365 Defender
  • ARM Templates
  • DevOps
  • PowerShell
  • Logstash
  • Infrastructure as Code

Build your security data lake with Microsoft Sentinel & Data Explorer; a match made in Azure! ☁️🔐

In this session, Koos unravels the secrets of efficient and cost-effective log storage for security logs (a.k.a. Security Data Lake).

He'll explain why Microsoft Sentinel isn’t always the best destination for ALL security logs, particularly "chatty" logs like network or firewall data.

Koos will highlight the benefits of Azure Data Explorer, offering limitless storage at a fraction of the cost while retaining the power of Kusto Query Language (KQL) for seamless data exploration.

He demonstrates how to build a multi-tiered log architecture in which each tier matches the value of the logs it holds, and shows how security analysts can retrieve logs from multiple destinations directly within the Defender XDR UI.

Koos also clarifies the differences between "parse on ingest" and "parse on query" for custom logs, outlining how each approach can enhance architecture.

Finally, he explores how Elastic Logstash simplifies log distribution across multiple sources and destinations, proving to be the Swiss Army knife of logging solutions.

The session includes several demos where Koos showcases free PowerShell tools he has developed over the years to optimize and deploy solutions at scale with ease.

Key takeaways:
- The pros and cons of each Sentinel table tier (Analytics, Basic, Auxiliary).
- Why Azure Data Explorer (ADX) might be a perfect companion alongside Sentinel.
- How to create a multi-tiered log architecture with multiple destinations, and how security analysts can explore data from all of them (including ADX) straight from Defender XDR.

Getting the most bang for your logs 🪵; Sentinel tips you can’t afford to miss! 💰

Discover how to unlock the full potential of Microsoft Sentinel without breaking the bank!
This session dives into practical tips and field-tested strategies to optimize your Sentinel setup. Learn how to start leveraging Sentinel for free, make informed architectural decisions, and create a logging strategy with the new data lake feature.
Keep your costs under control with smart KQL queries and custom alerts. Explore techniques to monitor performance, troubleshoot ingestion issues,
Whether you're new to Sentinel or looking to refine your setup, this session has something for everyone.

ESPC24 Sessionize Event

December 2024 Stockholm, Sweden

Experts Live Europe 2023 Sessionize Event

September 2023 Prague, Czechia

Experts Live Netherlands 2023 Sessionize Event

May 2023 's-Hertogenbosch, The Netherlands

Experts Live Netherlands 2022 Sessionize Event

September 2022 's-Hertogenbosch, The Netherlands
