
Azure Sentinel this Week - Issue #34

Microsoft Sentinel this Week
By Rod Trent • Issue #34
Hi, all! Welcome to week and issue number 34 of our weekly missive. 34 weeks means we’re ¾ of the way to our first year of publication! I don’t know about you, but to me, it’s a bit crazy to think about. What started as a market test for a very specific Microsoft service has bloomed into a community-driven weekly delivery that people look forward to receiving. For some, this weekly newsletter is the mark of the start of the weekend. And, what’s better than that? I’m so happy that something so simple can bring so much joy.
Thanks to all of you who have been here from the beginning when this was just a test publication. Thanks to all who have come on along the way. And, welcome to all of those that joined us on our journey just this past week.
There are just a couple of things this week I want to make you aware of that I think will add value to your life.
First off, a couple of friends/colleagues of mine have topped off the update for a 2nd edition of the Azure Sentinel in Action book from Packt Publishing. The book will release in January, but it is well worth your effort to acquire and read. How do I know? I helped in the tech review and as such have read the book cover-to-cover already. Co-authors include: Richard Diver, Gary Bushey and John Perkins.
Secondly, Matt Zorich on Twitter issued a challenge this past week. The challenge is to produce a valuable piece of KQL every day for 1 year. So far, I’d say it’s been a success. However, to me, this is a great opportunity to not only build community participation but produce some awesome, shareable content that we all need for our own security monitoring purposes. Matt has already produced some awesome queries including things like
But, why let Matt go it alone? We can all get involved. If you create something you’re also proud of, or maybe it’s a snippet of something that someone else can use to build on, post the link to Twitter and use the #365daysofkql hashtag. You can also find everything Matt has shared so far at that same hashtag link.
And, finally, we have a new survey posted. This one is specific to Hunting operations in Azure Sentinel.
Azure Sentinel Hunting provides analysts the ability to proactively look for malicious activity before alerts are generated. Today, we provide many hunting queries to get you started. Now we would like to provide the next set of capabilities to take your hunting experience to the next level. 
We would like to understand your most important use cases, pain points, and what capabilities you are looking for. If you don’t hunt, we would like to understand what is stopping you so we can make this feature more accessible and useful to new users. 
If you could take a minute or so to participate, we’d love it. If there’s one thing that’s a constant at Microsoft, it’s that we don’t post surveys just to post surveys. If there’s a survey posted, we absolutely need your feedback, and the responses will be used directly to make decisions.
Link to the survey: https://cda.ms/2Wt
Thanks again for your continued interest in Azure Sentinel and your dedication to this community. You all are wonderful. Keep it up!
Talk to you next week!
-Rod

Stuff to Read
How to Monitor for Brute Force Attack Against a Cloud PC in Azure Sentinel – Azure Cloud & AI Domain Blog
A Quick Guide on Using Sysmon for Linux in Azure Sentinel - Microsoft Tech Community
Automating the deployment of Sysmon for Linux 🐧 and Azure Sentinel in a lab environment 🧪 - Microsoft Tech Community
Analyzing Endpoints Forensics - Azure Sentinel Connector - Microsoft Tech Community
Azure Sentinel SOAR worker: Azure Arc + Azure Automation – blog.johnjoyner.net
Cassandra Database 4 Audit Logging - by SwiftSolves - SwiftSolves Security on Azure
Azure Sentinel alert rule ARM deployment - NextFence
Monitor C2s that use PowerShell connections on Port 80 and 443.
Why Azure Sentinel should be your first choice for a SIEM  - Atech
Stuff to Watch/Listen To
Demo Azure Sentinel Investigation
On-Demand Webinar: Azure Sentinel Threat Intelligence Automation For Cyber Defense
Cassandra Database Audit Logs and Azure Sentinel
Stuff to Have
Sentinel-Queries/Identity-RoleAddedtoServicePrincipal.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Office-DownloadsfromGuestafterAddedtoTeams.kql at main · reprise99/Sentinel-Queries · GitHub
GitHub - Senserva-LLC/Pyserva: The Senserva Python Library
Sentinel-Queries/OfficeActivity-DetectEmailsReadbyAdmins.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/OfficeActivity-VisualisingAnomalousDownloads.kql at main · reprise99/Sentinel-Queries · GitHub
OnPremSecMonitoring4Sentinel/EventLogCleared.yaml at main · rod-trent/OnPremSecMonitoring4Sentinel · GitHub
Stuff to Attend
How to Manage Device Community on LinkedIn: #HTMD #HTMDCommunity #HTMDConf2021
New or Updated Stuff
Azure Sentinel Gets Built-in Playbooks Templates – Azure Cloud & AI Domain Blog
New Template Update Verification Feature for Azure Sentinel Analytics Rules – Azure Cloud & AI Domain Blog
General Availability of Azure Sentinel Threat Intelligence in Public and Azure Government cloud - Microsoft Tech Community
Related Stuff
Understanding Azure Logs from a security perspective — Part 2 — NSG Flow Logs | by David Okeyode (MVP) | Oct, 2021 | Medium
Blue Team Operations [Part 3]: How To Investigate Phishing Attacks as a SOC Analyst | by TechExpert | Oct, 2021 | InfoSec Write-ups
Lowering the price of Cyber Insurance - Microsoft Tech Community
Topmost Signs of Compromise Detected with Windows operating System
News Stuff
Business as usual for Azure customers despite 2.4 Tbps DDoS attack | Azure Blog and Updates | Microsoft Azure
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.
