Azure Sentinel this Week - Issue #30



Subscribe to our newsletter

By subscribing, you agree with Revue’s Terms of Service and Privacy Policy and understand that Microsoft Sentinel this Week will receive your email address.

Microsoft Sentinel this Week
Azure Sentinel this Week - Issue #30
By Rod Trent • Issue #30 • View online
Once upon a time there was a small newsletter focused on Azure Sentinel…
That’s how it all started. But, thanks to all of you our community just keeps growing and growing. This newsletter has become a weekly staple for many and I truly appreciate all the interest and all those that have reached out to comment. Each week I’m even more amazed at the way this community gives selfishly to ensure knowledge is shared.
So, thanks to everyone!
Can you believe we’ve hit 30 issues already?? 30! Wow. I can vaguely remember when I turned 30.
For those that are new to this weekly missive, welcome! You’re joining a strong, vibrant, and growing community. We have just one rule here (other than being kind to each other) and that is to not keep this newsletter and the newsletter content to yourself.
If you like the newsletter and know someone that will also enjoy it, send them to the archive and subscribe page:
If you find content in the newsletter that is valuable to you, there’s a great chance someone will, too. So, share it! Share it far and wide over Twitter or LinkedIn (using the #AzureSentinel hashtag) or simply forward the link to the article, video, event, or collateral to that special someone.
I noted in last week’s newsletter issue that Part 2 of our Azure Sentinel Notebooks Ninja blog series was due soon. It took almost another entire week to happen but I was able to keep my promise. And, it really did come down to the wire. This Jupyter Notebooks for Azure Sentinel project has consumed my life recently, but its been truly rewarding and I’ve learned a lot myself. I started the draft on Part 3 early this past week, and that one should release in a much quicker fashion than Part 2 <fingers crossed>.
We were waiting on Part 2 to release prior to sending out invites for our first-ever, public-facing Azure Sentinel Notebooks training. Those that signed-up for the training should’ve received an email from me yesterday and then a follow-up email from my colleague Che Nguyen with the actual Teams invite. If you signed-up to attend (using the form link we amplified a month or so ago) and did not see either my email or Chi’s invite, let me know. I want to make sure anyone that requested to participate isn’t excluded because of some silly email snafu.
I have a couple sessions coming up you might interested in attending. One of those is later today, in fact.
Later today at 1:40pm EST, I’ll be delivering a session on using Azure Sentinel as the tool of choice for your SOC for the Cloud Summit 2021. The summit has been running live all week long with tons of great content and learning. It runs live all day long today, too. I’m the second-to-last session for the week.
Next week is the big week. We’re hosting the first-ever, half-day virtual event called Well-Architected: The Backstage Tour. This is a unique event that covers many aspects of Azure. I’m on tap to cover the Security piece and will talk about “The Secret Life of a Security Signal.” Essentially, this attempts to detail in 20 minutes how Microsoft takes threat signals and turns them into security intelligence that any customer can use to monitor environment security. Its a neat take on a topic no one talks about.
I hope to see you at both events.
Talk next week…

Stuff to Read
Azure Sentinel Notebooks Ninja Part 2: Getting Started with Azure Sentinel Notebooks - Microsoft Tech Community
Discover sensitive Key Vault operations with Azure Sentinel
How to Get Time Range Help Directly in the Azure Sentinel Console – Azure Cloud & AI Domain Blog
Splunk to Sentinel Migration - Part I - ACS Blogs
Splunk to Sentinel Migration - Part II - Alerts and Alert Actions - ACS Blogs
Splunk to Sentinel Migration - Part III - Lookups, Source Types and Indexes - ACS Blogs
Splunk to Sentinel Migration - Part IV - Searches - ACS Blogs
Splunk to Sentinel Migration – Part V – Reports and Dashboards - ACS Blogs
How to Create a Pie Chart Showing Threat Protection Signature Versions – Azure Cloud & AI Domain Blog
Threat Hunting with Jupyter Notebooks— Part 1: Your First Notebook 📓 | by Roberto Rodriguez | Posts By SpecterOps Team Members
Stuff to Watch/Listen To
Azure Sentinel Webinar | What’s New in the Last 6 Months
Microsoft Security Days - September 13, 2021 | Azure Sentinel Better Together w/ ASC & M365 Defender
Azure Sentinel webinar: Best Practices Converting Detection Rules
KQL Tutorial Series - Best tutorial to learn KQL Functions! (Labs included) | EP7
Stuff to Have
GitHub - miriamxyra/EventList: EventList
Sentinel-Queries/Device-DetectLocalAdminsWhoHaventElevated.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/SecurityEvent-AnomalousIPCRecon.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Vuln-CVE-2021-40444.kql at main · reprise99/Sentinel-Queries · GitHub
GitHub - Cloud-Architekt/AzureAD-Attack-Defense: This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected.
Stuff to Attend
New or Updated Stuff
MSTICPy Release 1.4.2 — Azure sovereign clouds, Matrix visualization, Process Tree updates | Medium
Azure sovereign clouds, Matrix visualization, Process Tree update in MSTICPy 1.4
Get started with Jupyter notebooks and MSTICPy in Azure Sentinel | Microsoft Docs
Related Stuff
Azure Lighthouse accelerates Cloud Management curriculum –
Azure Data Explorer cost estimator is now available in Azure pricing calculator - Microsoft Tech Community
A Phishing Guide: Lessons Learned on the Journey to Detecting Phishing Domains | by Jonathan Ticknor | security analytics | Medium
UEBA in Enterprise SecOps. User and Entity Behavior Analytics… | by malwaremily | Medium
Partner Stuff
How Senserva can help to protect your organization from cyberattacks - Senserva
Did you enjoy this issue?
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue