Azure Sentinel this Week - Issue #33

Microsoft Sentinel this Week
By Rod Trent • Issue #33
Happy Friday, all! Well, we’ve done it again. The delivery of the “Azure Sentinel this Week” newsletter means we’ve successfully checked off another work week.
And, it's October. The holiday season is just around the corner. Everyone has their favorite time of the year, but this time of year is truly my favorite: the brisk weather, the smell of the fall season, and seasonal movies.
Most of you know I’m a movie and TV buff, but starting around October is when these things kick into high gear. It starts with Halloween and the scary movies (which I love but the wife hates), dips into Thanksgiving with things like Planes, Trains, and Automobiles, and then crescendos with the Christmas season movies - from A Charlie Brown Christmas to Elf to Christmas Vacation to name just a few. So, I’m getting extra excited. Have a favorite seasonal movie of your own? I’m happy to discuss it on Twitter. Here, I’ll make it easy for you. Just insert your own movie title and copy/paste to Twitter:
@rodtrent - my favorite seasonal movie is <your movie title here>
But, there’s also that excitement of knowing what’s coming just around the corner for Azure Sentinel. As we approach Microsoft Ignite this year, keep your eyes peeled for subtle things. Little telltale nuances about what’s coming. We save Ignite each year for some major announcements and, believe me, Sentinel is no different. I promise you, you will be enthralled.
There are just a couple of things to highlight for this week before you head off into the content below.
First off, I've bitten the bullet and have finally begun treading down the ultimate rabbit hole. A long while ago a customer asked for a better way to envision its team's cybersecurity stance, workload, and processes. That discussion birthed the idea of a "SOC Score."
The SOC Score is essentially a daily credit score for SOCs where, based on team activities, the score can be improved. So, I have been digging into this for the past couple of weeks and have made some significant progress. However, I need help with it. The help is a really simple task: it just requires you to run some KQL queries in your Azure Sentinel environment and send me the results. See https://cda.ms/2Rq to learn more.
And, if you're not the person who does this in your environment, please pass it off to the teammate who does. I truly appreciate the help!
The second item to highlight is that we have just released our latest Microsoft Digital Defense Report. Over the past couple of days, I've seen the news outlets focused on the most prevalent state-actor data. It's Russia, go figure. But this report contains some valuable information beyond that. I think some of the best data here is around how invested we are in security and how that investment (time, money, resources) is leading the industry.
If you’re interested in this type of data, you can find the report here: https://cda.ms/2Rr
OK, that’s all for this week. Enjoy the weekend and we’ll talk again next Friday.
-Rod

Stuff to Read
How to Help Invent the SOC Score for Azure Sentinel – Azure Cloud & AI Domain Blog
How to Locate installed LA Agents and If On-prem or in Azure – Azure Cloud & AI Domain Blog
How to Add the New Azure Sentinel Hunting Columns for MITRE Techniques, Results Delta, and Results Delta Percentage – Azure Cloud & AI Domain Blog
Discovering Microsoft 365 Logs within your Organization [ Part 1] - Microsoft Tech Community
Reset your on premise passwords with Azure Sentinel + Azure AD Connect writeback | Azure Sentinel 101
Monitor Azure AD Guest Users With Azure Sentinel - CHARBEL NEMNOM - MVP | MCT | CCSP - Cloud & CyberSecurity
Moving to next-generation SIEM with Azure Sentinel
Using Logic Apps to version control your Azure AD Conditional Access Policies | Azure Sentinel 101
Detect intruders using a honeypot/honeytoken monitored by Azure Sentinel
Autonomous Threat Hunting Using Azure Sentinel - Part 1
Autonomous Threat Hunting Using Azure Sentinel - Part 2
Simple Row-Based Access Workbook: Lab Walk-Through with Azure Sentinel and Azure Data Explorer (ADX) - Microsoft Tech Community
Stuff to Watch/Listen To
Project ExternalData
Integrating Microsoft Azure Sentinel with ServiceNow Security Incident Response
Stuff to Have
Sentinel-playground/ARM-Templates/logforwarder at main · SecureHats/Sentinel-playground · GitHub
Query Style Guide · Azure/Azure-Sentinel Wiki · GitHub
MDATP/Azure AD - B2B policy changes - AllowedDomains.md at master · alexverboon/MDATP · GitHub
Sentinel-Queries/PIM-UserAssignedRolebutHasntActivated.kql at main · reprise99/Sentinel-Queries · GitHub
Malwarebytes Nebula and Azure Sentinel integration guide – Malwarebytes Support
Microsoft Digital Defense Report – Microsoft Security
Stuff to Attend
New or Updated Stuff
Microsoft 365 E5 benefit offer with Azure Sentinel | Microsoft Azure
Related Stuff
Thoughts on passing the SC-200 security certification exam - Jussi Roine
Azure Arc agent deployment using PowerShell DSC
Kusto Query Language 101 – Dave McCollough
Threat Hunting Using Windows Scheduled task
Partner Stuff
Integration guidance helps partners deliver Zero Trust solutions - Microsoft Tech Community
Logicali joins MISA to expand its security solutions for customers - Help Net Security
Thales extends its collaboration with Microsoft, integrating advanced cybersecurity services with Azure Sentinel as a Microsoft Intelligent Security Association member | Thales Group
eSentire on LinkedIn: eSentire MDR for Microsoft
News Stuff
Microsoft is slowly but surely laying the groundwork to make security its secret weapon in the cloud wars with Amazon
Open Systems Adds New C-Level Executives as Security Services and Managed Detection and Response (MDR) Adoption Grows

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.
