Azure Sentinel this Week - Issue #26

Microsoft Sentinel this Week
By Rod Trent • Issue #26 • View online
Happy Friday everyone!
I’m back again with this week’s issue of our weekly time together to talk about all things Azure Sentinel. This past week has been somewhat of a blur for me. You might remember from last issue that my youngest son was married this week (yesterday, in fact), so as you can guess my focus has been shifted away from Azure Sentinel somewhat. But that’s where this awesome and growing community comes in. There’s still so much great content this week and every bit of it is worth knowing. We’ve created a fantastic product in Azure Sentinel that, in addition to supplying the necessary means to monitor security for the entire environment, also does a great job of feeding creativity for the things you can build to share with others.
It’s so great to see how this community thrives on its own. I’m just the tour guide, if you will, and so happy to do it.
There are a few things to highlight about this week’s issue.
First off, many of you are already aware of the historically excellent Microsoft 365 Security for IT Pros book. This tome of knowledge has been updated and expanded. Written by Michael Van Horenbeeck, Peter Daalmans, Thijs Lecomte, and Damian Scoles, this book digs into each aspect of the Microsoft security stack. This edition has an entire chapter dedicated to Azure Sentinel and written by Thijs Lecomte.
We’ve been able to garner a slight discount on the book for newsletter subscribers. When I say slight, I mean s-l-i-g-h-t - but hey, anything is something. Go here to grab the discount: https://cda.ms/2qz
Secondly, there have been rumors and links shared over the past couple of weeks about a new library of knowledge for all things Microsoft security. Well, now that rumored resource has been officially released. Called the Microsoft Security Technical Content Library, it lets you use the search engine to refine content results and locate any piece of stray information about the Microsoft security stack. To try it out, here’s the link direct to the Azure Sentinel area: https://cda.ms/2qB
Remember my buddy Jing? If you’re just joining us, Jing is a super-smart, super-creative colleague of mine. He has a YouTube channel called TeachJing where he regularly discusses things like security, KQL, and Azure Sentinel. (TeachJing YouTube channel: https://cda.ms/2qC). Jing is also the individual that wrote and produced the Cyber Anthem (Cyber Security Rap). Yeah…OK…now you remember.
Well, Jing has another super-creative resource you should check out. He’s unleashed his own website aptly called TeachJing.com, but this website is a bit different. Jing has used React to develop a Windows 11-themed remote desktop experience that you can use. It contains all of the most popular resources for Azure Sentinel - just click on each as if it were your own desktop. I love this.
Jing walks through what he’s done in the following video: https://cda.ms/2qG
Lastly, just a quick note that I’m still working on an Azure Security Center edition of this newsletter. Some have suggested just combining ASC and Sentinel into a single newsletter, but I think we’ll start as two separate ones. Additionally, the ASC edition will probably also start as bi-weekly instead of weekly like this one. To be frank, ASC content is not as community-driven – yet. That means there’s not as much content. I believe as we start to dig deeper into ASC, we’ll start to see more community activity. A “build it and they will come” type of situation.
Stay tuned.
That’s it for this week. Thanks so much for being part of this ever-growing community. The newsletter always sees steady subscriber increases, but the subscriber base grew extra fantastically this past week - even more so than in past weeks. I attribute that to all of you. Remember – this community grows with your efforts. See something cool in the newsletter? Don’t hoard it - share it!
And, while the aspect of community participation seems very fellowship- and community-serving, it’s also OK to do it for selfish motives. The more you share, the larger the community grows, and the more you’ll benefit from all the great community-created content. You win, we win.
So, do me a favor. This next week promise to invite at least one person to join our community by sending them to the following link: https://www.getrevue.co/profile/AzureSentinelToday
You don’t have to tell anyone that you’re doing it for purely selfish reasons. I sure won’t tell.
Now, on to the content…
Talk soon.
-Rod

Stuff to Read
File Integrity Monitoring & Az Sentinel | by Priscila Viana | Aug, 2021 | Medium
Two months into the Azure Sentinel journey and no incidents were raised. Is this really true? | Tales from a Security Professional
CrowdStrike Falcon, Defender for Endpoint and Azure Sentinel. | Azure Sentinel 101
Migrating content from traditional SIEMs to Azure Sentinel | Microsoft Security Blog
UPDATED with URL Detonation: How to Generate Azure Sentinel Incidents for Testing and Demos – Azure Cloud & AI Domain Blog
Stuff to Watch/Listen To
Architecting and Designing Azure Sentinel
Azure Sentinel Webinar: Streamlining your SOC Workflow with Automated Notebooks
Stuff to Have
Shivammalaviya/Threat Group 'Aggah' Persistent Detection
azure-rest-api-specs/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates at master · Azure/azure-rest-api-specs · GitHub
alexverboon/c2threadview_io_kql.md
azure-rest-api-specs/OnboardingStates.json at master · Azure/azure-rest-api-specs · GitHub
Sentinel-Queries/Device-FileDownloadedfromO365thenCopiedtoUSB.kql at main · reprise99/Sentinel-Queries · GitHub
Shivammalaviya/Trickbot - Fake 1Password Installation detection
Shivammalaviya/AntiVirus and EDR Bypass via Safe Mode Detection
New Stuff
What's new: Azure Sentinel new onboarding/offboarding API - Microsoft Tech Community
Stuff to Attend
Azure Sentinel Hackathon 2021: Solve Cybersecurity's greatest challenge! - Devpost
Azure Sentinel Workshop | IT Training | Softlanding, Vancouver, BC
Azure Sentinel In A Day Workshop • Wortell
Related Stuff
How to Control Deployment of Defender for Endpoint to your Linux machines – Azure Cloud & AI Domain Blog
Innovate securely with Azure | Azure Blog and Updates | Microsoft Azure
Log Analytics Legacy Queries now available in the new Query UI
Azure Monitor Logs extension for Azure Data Studio - Azure Data Studio | Microsoft Docs
News
Microsoft brings Azure Government Top Secret into GA | ZDNet
Here is how Microsoft wants you to secure your organization against cyberattacks - Neowin
Azure Government Top Secret now generally available for US national security missions | Azure Blog and Updates | Microsoft Azure
Microsoft named a Leader in The Forrester Wave™: Streaming Analytics, Q2 2021 | Azure Blog and Updates | Microsoft Azure
The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.