View profile

Azure Sentinel this Week - Issue #32

Microsoft Sentinel this Week
Azure Sentinel this Week - Issue #32
By Rod Trent • Issue #32 • View online
Happy Friday everyone!
I truly appreciate you being here. I hope our weekly get-together is still providing the value you expected when you first subscribed. I still thoroughly enjoy it.
For those just joining us this week - welcome! Its always awesome to see new people interested in Azure Sentinel. As always, we’ve had a steady influx of new subscribers in the past week. Its great to see continued interest in this area.
A lot of it has to do with the product itself. Hopefully, you saw this week our own customer story that talks about how Microsoft uses Azure Sentinel and how using it has significantly increased response and efficiency. If you didn’t catch it see: https://cda.ms/2Nx.
I talk about this all the time with customers. A lot of what you see in Azure Sentinel is from the gaps we identified in existing tools as we began our own journey to find the right tool for our own needs. The rest comes through customer request. How can you go wrong with a product that’s built to solve the woes of existing tools and supply customer need? That’s a sure recipe for success.
I have a small request for action this week.
We’re in the midst of designing/developing an official Microsoft security news show that will be unlike anything that exists. We’d like to know which programming segments would supply the most value to you.
I have a poll up on both LinkedIn and Twitter for you to participate. Your response takes a couple seconds, but the results will be hugely helpful to us. Just choose your favorite location to participate…
LinkedIn: https://cda.ms/2Ny
Thanks in advance for your help! And, don’t feel like you need to keep this to yourself. Let your colleagues know about it. The more the merrier.
There’s a lot of great content in this week’s newsletter issue, so I’ll stop here and leave you to it.
Talk next week!
-Rod

Stuff to Read
Monitoring Azure Sentinel Analytical Rules – Push Health Notifications - Microsoft Tech Community
Querying WHOIS/Registration Data Access Protocol (RDAP) with Azure Sentinel and Azure Functions - Microsoft Tech Community
What the Heck PsExec! - In.Security - Cyber Security Technical Services & Training | In.Security - Cyber Security Technical Services & Training
Using time to your advantage in Azure Sentinel – Azure Sentinel 101
Threat Hunting Using Windows Event ID 5143
Operationalize against your archived logs in Azure Storage - by SwiftSolves - SwiftSolves Security on Azure
Defender for IoT Raw Log Integration into Sentinel | Managed Sentinel
Multi-Cloud Security Monitoring – Part 2: Amazon Web Services – Sam's Corner
Stuff to Watch/Listen To
Security: The Secret Life of a Security Signal | Well-Architected: The Backstage Tour | Channel 9
Hunting Malware with Azure Sentinel Threat Intelligence
Investigate security incidents in a hybrid environment with Azure Sentinel
Stuff to Have
Azure Sentinel: Log Forwarder Configuration | Davi Cruz
SentinelKQL/AgentInfowithLocation.txt at master · rod-trent/SentinelKQL · GitHub
Threat-Hunting-and-Detection/Spearphishing Link - Rare URL Clicks.md at main · Cyb3r-Monk/Threat-Hunting-and-Detection · GitHub
Threat-Hunting-and-Detection/TA0008 - Potential Lateral Movement with Local Account.md at main · Cyb3r-Monk/Threat-Hunting-and-Detection · GitHub
Stuff to Attend
SOC Analyst Training Webinar - Azure Sentinel & KQL
Response, Remediation and ROI with eSentire MDR for Microsoft -- Redmond Channel Partner
New or Updated Stuff
Uncoder CTI from SOC Prime
Related Stuff
Azure Arc - Add servers from Update Management
Azure Automation Hybrid Worker Extension for Azure and Arc-enabled servers now in public preview | Azure updates | Microsoft Azure
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor | Microsoft Security Blog
Windows Threat Hunting : Processes of Interest (Part 1) | by Pratinav Chandra | Sep, 2021 | Medium
How to ingest historical data into ADX
Partner Stuff
News Stuff
SolarWinds hackers Nobelium spotted using a new backdoor
Securing the enterprise and responding to cybersecurity attacks with Microsoft Azure Sentinel
Microsoft soars ahead, gaining an 18-fold performance increase with Azure Sentinel
Did you enjoy this issue?
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue