Azure Sentinel this Week - Issue #27




Microsoft Sentinel this Week
By Rod Trent • Issue #27 • View online
Good Friday, everyone! And, welcome to week 27 of this fine, now well-established weekly missive.
I just finished editing and delivering the very first ever newsletter for Azure Security Center. That’s right…this Azure Sentinel newsletter now has a sister publication that delivers bi-weekly. If you’re interested in that, or if you have colleagues who are more interested in Security Center than Sentinel, the following link can be used to view the first issue and to subscribe to receive it in email:
As always, I have a couple of things to highlight before letting you get to the newsletter content.
The first big thing is a thinly veiled reference to a new, up-and-coming Azure Sentinel table called SentinelHealth. As you can imagine, this table will provide a stack of great information for you to be able to get the health of your Azure Sentinel environment including things like Data Connectors, Analytics Rules, etc.
The table is currently empty, but I wanted you to be aware of its existence and be ready. The table reference is public and was added on August 19, which means release is close. Stay tuned for more information about this.
Most of you know that I’ve been in a new role here at Microsoft for only a few weeks. I’ve been busy, though. My first big project is about 99.9% complete and this effort will culminate in a big, public virtual event called Well-Architected: The Backstage Tour.
I’ll be speaking alongside several of my colleagues. The content for this event is a bit different. Instead of grandiose product walkthroughs, it’s chunk-sized nuggets of consumable “backstage pass” information. We’ve taken some of the super-secret sauce behind our platforms and services and are making it public. If you’re interested in things like how a threat signal ends up in an alert in Azure Sentinel, this will be a must-see event for you.
I just know how I can follow up directly after the Mark Russinovich keynote.
I hope you can attend. The link again is:
I hope you all have a great week forward.
Enjoy the rest of the newsletter and we’ll talk soon.

Stuff to Read
How to Extract the Confidence Score from the Anomali Feeds for Azure Sentinel – Azure Cloud & AI Domain Blog
Azure Sentinel Gets Its Own Knowledge Check and Completion Certificate – Azure Cloud & AI Domain Blog
Consuming threat data in a flat file
How to proactively defend against Mozi IoT botnet | Microsoft Security Blog
Stuff to Watch/Listen To
Introduction to Azure Sentinel Cloud-Native Security Information and Event Manager - Edgile
Daniel Stefaniak: "Special Guest Mark Simos - cutting through zero trust BS"
Automate threat detection and response with Azure Sentinel and Microsoft 365 Defender
Stuff to Have
Microsoft 365 Defender, Azure Defender, Azure Sentinel One-Page Diagram | Managed Sentinel
GitHub - BlueTeamLabs/sentinel-attack: Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Shivammalaviya/CryptoCurrency Mining Pools domains Detection
SentinelKQL/ProxyShell.txt at master · rod-trent/SentinelKQL · GitHub
Sentinel-Queries/KeyVault-AccessManipulation.yaml at main · reprise99/Sentinel-Queries · GitHub
AzureSentinelKQLScripts/Device-CreateSetofDevicePerLocalAdmin.kql at master · ManagedSentinel/AzureSentinelKQLScripts · GitHub
Shivammalaviya/Detection for APT31 new dropper
Sentinel-Queries/Device-CreateSetofLocalAdminsperDevice.kql at main · reprise99/Sentinel-Queries · GitHub
AzureSentinelMisc/jcp-01-00021.pdf at master · rod-trent/AzureSentinelMisc · GitHub
GitHub - SwiftOnSecurity/sysmon-config: Sysmon configuration file template with default high-quality event tracing
Shivammalaviya/Detects Conti Ransomware
GitHub - keyoke/SentinelCustomWatchlistImport: Sentinel custom watchlist import solution which can be used to work around the watchlist file size limitation of 3.8 MB.
New Stuff
Azure Monitor Logs reference - SentinelHealth | Microsoft Docs
What's new: Azure Sentinel Ninja Training Knowledge Check - Microsoft Tech Community
Azure Sentinel Incident View Column Chooser Reaches GA – Azure Cloud & AI Domain Blog
Stuff to Attend
Related Stuff
An Alternative Way of Using MITRE ATT&CK® for Threat Hunting and Detection | by Mehmet Ergene | Aug, 2021 | Medium
Azure Security Stack Mappings: The Top Native Security Controls for Ransomware - Security Boulevard
Monitor ingestion with ADX Insights
Log Analytics Legacy Queries save/edit experience upgrade
How Azure Security can help Federal Agencies meet Cybersecurity Executive Order Requirements - Microsoft Tech Community
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.
