View profile

Azure Sentinel this Week - Issue #29

Microsoft Sentinel this Week
Azure Sentinel this Week - Issue #29
By Rod Trent • Issue #29 • View online
And, the beat goes on.
Welcome back everyone! Except for some family health issues (aging parents) this past week, the week has been a good one here in the Trent household. I hope the week was equally good for you.
I just have a couple things to share this week before leaving you to the newsletter content.
First, Part 2 of our Azure Sentinel Notebooks Ninja blog series is due soon. We had planned to release it a week ago, but we’re working through some technical difficulties and waiting for a couple other important pieces to also be available - specifically some awaited documentation that helps fill in gaps. You can still catch up with the rest of us by reading (or re-reading) through Part 1: Becoming an Azure Sentinel Notebooks ninja - the series! This way we can all progress through the learning together, somewhat like it would be if we were all packed into a real, in-person workshop. Imagine that. Those were the days, huh?
Another note about this is that we will also be providing an actual Ninja certificate for those that complete the knowledge check once the series is done. People love the Ninja certificates! So, there will be a reward for your efforts to learn about Azure Sentinel Notebooks.
Second thing to highlight, is that we’ve released the schedule for our upcoming security webinars for the next couple months. You can find all of them HERE, but I thought I’d take the opportunity to include the Azure Sentinel-specific ones to whet your appetite.
  • September 14 Azure Sentinel | Learn About Customizable Anomalies and How to Use Them
  • September 15 Azure Sentinel | What’s New in the Last 6 Months
  • September 29 Better Together | OT and IoT Attack Detection, Investigation and Response
  • October 5 Better Together | Azure Defender and M365 Defender
  • October 6 Azure Sentinel | Turbocharging ASIM: Making Sure Normalization Helps Performance Rather Than Impacting It
  • October 18 Azure Sentinel | SAP Mini-Series Part 1: Introduction to Monitoring SAP with Azure Sentinel for Security Professionals
  • October 25 Azure Sentinel | Explore the Power of Threat Intelligence in Azure Sentinel
  • October 28 Azure Sentinel | What’s New in Azure Sentinel Automation
  • November 9 Azure Sentinel | SAP Mini-Series Part 2: Deep Dive - End-to-End Installation of SAP for Azure Sentinel
  • November 10 Azure Sentinel | Decrease Your SOC’s MTTR (Mean Time to Respond) by Integrating Azure Sentinel with Microsoft Teams
  • November 16 Azure Sentinel | Create Your Own Azure Sentinel Solutions
  • November 22 Azure Sentinel | Everything You Ever Wanted to Know About Using the New Azure Monitor Agent (AMA) with Azure Sentinel
I mention these for a selfish reason, too. I was put on the webinar team this past week, so you will find me at each of these capturing your questions and supplying answers during the live event. So, if you need extra incentive to attend one of these fantastic learning events, you can now show up and play “stump the chump” and see if you can stymie me in this new capacity.
Next week, I’ll have some tidbits to share about some upcoming events I’m speaking at (both virtually and in-person).
Until then…
-Rod

Stuff to Read
Protecting Azure Key Vault with Azure Sentinel | Azure Sentinel 101
Microsoft 365 Defender XDR and Azure Sentinel Fusion attack and detection example | by Derk van der Woude | Sep, 2021 | Medium
Audit Active Directory Certificate Services using Azure Sentinel
Audit Active Directory Certificate Services using Azure Sentinel - part 2
Azure Sentinel and Security Logs
Uncovering new unknowns: How to approach EDR & logging Cyber EO milestones - Microsoft in Business Blogs
Check the health of your exported Azure Sentinel logs in your ADX cluster
Passing AZ-900 Azure Security
Stuff to Watch/Listen to
Using the Azure Sentinel Information Model Process Events Schema ASIM
A Day in the Life of an Azure Sentinel Analyst
Azure Sentinel Hunting with KQL Queries.
Security Days Event - Azure Sentinel - EMEA Session
1 SOC Process Framework Overview Final
2 SOC Process Framework High level topics Final
3 SOC Process Framework Incident Reponse framework & procedures Final
4 SOC Process Framework Analytical process and procedures Final
5A SOC Process Framework Operational processes and procedures Final
5B SOC Process Framework Operational processes and procedures Final V2
6 SOC Process Framework Business processes and procedures Final
7 SOC Process Framework Technology processes and procedures Final
8 SOC Process Framework SOC actions Final
Stuff to Have
MDATP/Sign-in - Auditlog outside office hours.md at master · alexverboon/MDATP · GitHub
kql/ipfskql.yaml at main · swiftsolves-msft/kql · GitHub
kql/externaldata at main · swiftsolves-msft/kql · GitHub
Stuff to Attend
Azure Sentinel Hands-On Workshop | Satisnet
'Sentinel in Seconds' - Deploy, Automate and Monitor Azure Sentinel | Satisnet
New Stuff
Azure Sentinel Ninja Training - the Sept 2021 update - Microsoft Tech Community
Introducing: Azure Sentinel Data Exploration Toolset (ASDET) - Microsoft Tech Community
What's New: Azure Sentinel - SOC Process Framework 8 Part Video Series! - Microsoft Tech Community
Related Stuff
How to query data located in Azure Blob Storage, Azure Data Lake Store Gen2/1 with ADX - Microsoft Tech Community
Azure backup and restore plan to protect against ransomware | Microsoft Docs
Query data in Azure Data Lake using Azure Data Explorer | Microsoft Docs
Partner Stuff
Microsoft Azure Sentinel Free Trial | Recorded Future
News
Government of Nunavut comes back stronger after ransomware attack with Microsoft security solutions
Did you enjoy this issue?
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue