View profile

Azure Sentinel this Week - Issue #31

Microsoft Sentinel this Week
Azure Sentinel this Week - Issue #31
By Rod Trent • Issue #31 • View online
Welcome to issue #31 everyone!
It’s been a couple weeks, but its good to get back together again. We have some fantastic Azure Sentinel articles and videos and other collateral to share in this issue.
I apologize up front, but I’m a bit strapped for commentary this issue. My father passed just two days ago. As sad as that is (and it is sad), there’s actually a lot of work to accomplish once someone passes. So, that’s where my energy has been and why its a bit more difficult for the words to come this issue.
For those that also receive the Azure Security Center bi-weekly newsletter, this commentary is the same. It is that difficult to use brain cycles for anything else than focusing on ensuring the next few days go well. So, I’m just reusing the same commentary in both places.
That said. All is good. My dad was ready. I paid tribute to him during my security session for the Well-Architected: The Backstage Tour yesterday. If interested, you can watch the full event (or just my session on The Secret Life of a Security Signal) in replay at: https://cda.ms/2JB 
Thanks to all for being here! This community just keeps growing and that in itself is a tribute.
Talk soon.
-Rod 

Stuff to Read
Hunting for OMI Vulnerability Exploitation with Azure Sentinel - Microsoft Tech Community
Hunting for OMI Vulnerability Exploitation with Azure Sentinel - Microsoft Tech Community
Following the September 14th, 2021 release of three Elevation of Privilege (EoP) vulnerabilities (CVE-2021-38645, CVE-2021-38649, CVE-2021-38648) and one unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2021-38647) in the Open Management Infrastructure (OMI) Framework, analysts in the Microsoft Threat Intelligence Center (MSTIC) have been monitoring for signs of exploitation and investigating detections to further protect customers. We have some things to share about current attacks in the wild, agents and software involved, indicators for defenders to look for on host machines, and to share new detections in Azure Sentinel.
cda.ms  •  Share
How to Prepare to Obtain the Azure Sentinel Notebooks Ninja Certificate – Azure Cloud & AI Domain Blog
How to Prepare to Obtain the Azure Sentinel Notebooks Ninja Certificate – Azure Cloud & AI Domain Blog
Our first Azure Sentinel Notebooks Ninja public training is on tap. For those that have already registered, the first session is scheduled for September 30, 2021. If you want to be included in additional training sessions, register using the form: https://cda.ms/2D1 As a lead-up to our first public-facing Azure Sentinel Notebooks training session and the upcoming…
cda.ms  •  Share
Azure Sentinel Notebooks Ninja Part 3: Overview of the Pre-built Notebooks - the Grand List - Microsoft Tech Community
Azure Sentinel Notebooks Ninja Part 3: Overview of the Pre-built Notebooks - the Grand List - Microsoft Tech Community
This installment is part of a broader learning series to help you become a Jupyter Notebook ninja in Azure Sentinel. The installments will be bite-sized
cda.ms  •  Share
Create Data Collection Rules for Azure Sentinel
Create Data Collection Rules for Azure Sentinel
This article shows you how to create Data Collection Rules for the Windows Security Events data connector in Azure Sentinel. Before you continue, please read the older articles around Azure Arc and how to collect “Security Events” from on-premises servers.
cda.ms  •  Share
Stream Azure AD Identity Protection events to Azure Sentinel/ Log Analytics 
Stream Azure AD Identity Protection events to Azure Sentinel/ Log Analytics 
Microsoft recently added a new function that gives the option for stream events from Azure AD Identity Protection into Azure Sentinel. In this blog the instruction for export user risk events from Azure AD Identity protection into Azure Sentinel. 
cda.ms  •  Share
Building an integration between Azure Sentinel and Unifi infrastructure for a proper SIEM solution - Jussi Roine
Building an integration between Azure Sentinel and Unifi infrastructure for a proper SIEM solution - Jussi Roine
This is one of the more enjoyable projects I’ve done recently during my spare time. I run Azure Sentinel in all of my Azure ..
cda.ms  •  Share
Stuff to Watch/Listen To
A Getting Started Guide For Azure Sentinel ML Notebooks
A Getting Started Guide For Azure Sentinel ML Notebooks
This tutorial guides you through the basic steps of using notebooks for security analysis. It covers all the basic steps you need to understand to start using the notebooks provided with Azure Sentinel.
cda.ms  •  Share
Azure Sentinel – Onboarding the Office 365 Data Connector
Azure Sentinel – Onboarding the Office 365 Data Connector
This video talks about how the Office 365 Data Connector can be onboarded in Azure Sentinel to allow ingestion of SharePoint, Exchange and Microsoft Teams lo…
cda.ms  •  Share
Stuff to Have
MDATP/T1071.004 - Application Layer Protocol - DNS.md at master · alexverboon/MDATP · GitHub
MDATP/T1071.004 - Application Layer Protocol - DNS.md at master · alexverboon/MDATP · GitHub
Adversaries may communicate using the Domain Name System (DNS) application layer protocol to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
cda.ms  •  Share
New/Updated Stuff
Azure Sentinel To-Go! A Linux 🐧 Lab with AUOMS Set Up to Learn About the OMI Vulnerability 💥 - Microsoft Tech Community
Azure Sentinel To-Go! A Linux 🐧 Lab with AUOMS Set Up to Learn About the OMI Vulnerability 💥 - Microsoft Tech Community
Last week, on September 14 th , 2021, Microsoft released fixes for three Elevation of Privilege (EoP) vulnerabilities CVE-2021-38645 , CVE-2021-38649 ,
cda.ms  •  Share
Related Stuff
Azure Monitor Agent and Data Collection Rules now support Windows Server 2022 | Azure updates | Microsoft Azure
Azure Monitor Agent and Data Collection Rules now support Windows Server 2022 | Azure updates | Microsoft Azure
Now with Windows Server 2022 generally available, you can start using this agent to monitor your resources running the latest Windows operating systems
cda.ms  •  Share
Four new Microsoft security certifications that can jumpstart your career
Four new Microsoft security certifications that can jumpstart your career
Here’s a rundown on some new and updated Microsoft security certifications along with information on how to take the exams.
cda.ms  •  Share
Parsing JSON with PowerShell - Microsoft Tech Community
Parsing JSON with PowerShell - Microsoft Tech Community
Q: I try to parse my JSON with the handy dandy “ConvertFrom-JSON” cmdlet but it only works in PowerShell 7, not in my good old PowerShell 5.1. How do I
cda.ms  •  Share
OMG - Tiberium
OMG - Tiberium
Last week, cloud security outfit Wiz announced what they called a ‘secret agent’ group of vulnerabilities that enable takeover and privilege escalation of Linux servers in the Azure cloud.  
cda.ms  •  Share
Stuff to Attend
Azure webinar series Enhance Hybrid Cloud Monitoring with Azure Monitor
Azure webinar series Enhance Hybrid Cloud Monitoring with Azure Monitor
Join this Microsoft webinar to learn how to monitor health and performance of your Azure and hybrid infrastructure with Azure Monitor.
cda.ms  •  Share
Partner Stuff
MANAGED SERVICES FOR AZURE SENTINEL
Standing Watch, By Your Side. Building protective cloud security measures to stop threats before they disrupt your business, and quickly detecting and responding to new threats, is the Arbala mission.
cda.ms  •  Share
Did you enjoy this issue?
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue