Hi, all! Welcome to week and issue number 34 of our weekly missive. 34 weeks means we're three quarters of the way to our first year of publication! I don't know about you, but to me, it's a bit crazy to think about. What started as a market test for a very specific Microsoft service has bloomed into a community-driven weekly delivery that people look forward to receiving. For some, this weekly newsletter marks the start of the weekend. And, what's better than that? I'm so happy that something so simple can bring so much joy.
Thanks to all of you who have been here from the beginning when this was just a test publication. Thanks to all who have come on along the way. And, welcome to all of those that joined us on our journey just this past week.
There are just a couple of things this week I want to make you aware of that I think will add value to your life.
First off, a couple of friends/colleagues of mine have topped off the update for a 2nd edition of the Azure Sentinel in Action book from Packt publishing. The book will release in January, but is well worth your effort to acquire and read. How do I know? I helped in the tech review and as such have read the book cover-to-cover already. Co-authors include: Richard Diver, Gary Bushey and John Perkins.
Secondly, Matt Zorich on Twitter issued a challenge this past week. The challenge is to produce a valuable piece of KQL every day for 1 year. So far, I'd say it's been a success. To me, this is a great opportunity not only to build community participation but to produce some awesome, shareable content that we all need for our own security monitoring purposes. Matt has already produced some awesome queries including things like
But, why let Matt go it alone? We can all get involved. If you create something you're proud of, or maybe it's a snippet of something that someone else can use to build on, post the link to Twitter and use the #365daysofkql hashtag. You can also find everything Matt has shared so far at that same hashtag link.
And, finally, we have a new survey posted. This one is specific to hunting operations in Azure Sentinel.
Azure Sentinel Hunting provides analysts the ability to proactively look for malicious activity before alerts are generated. Today, we provide many hunting queries to get you started. Now we would like to provide the next set of capabilities to take your hunting experience to the next level.
We would like to understand your most important use cases, pain points, and what capabilities you are looking for. If you don’t hunt, we would like to understand what is stopping you so we can make this feature more accessible and useful to new users.
If you could take a minute or so to participate, we'd love it. If there's one thing that's a constant at Microsoft, it's that we don't post surveys just to post surveys. If there's a survey posted, we absolutely need your feedback, and the responses will be used directly to make decisions.
Thanks again for your continued interest in Azure Sentinel and your dedication to this community. You all are wonderful. Keep it up!
Talk to you next week!