
Azure Sentinel this Week - Issue #36

Microsoft Sentinel this Week
By Rod Trent • Issue #36
Hi, all! Welcome to our 36th week of continuing Azure Sentinel coverage. This issue marks the end of my very first in-person conference in at least 2 years. The week was amazing and despite it being a conference for endpoint management, the reception for the Azure Sentinel sessions was warm and welcoming. It's so energizing to see such interest in this product. Heck, Azure Sentinel even had its own table.
In addition to my Azure Sentinel sessions, I also co-delivered sessions on hacking Windows, hacking AD and AAD, and Defender for Endpoint. All of these security sessions were so well received that there’s talk of building a security track all its own into the event for next time. Fingers crossed for that.
So, it was a good week. The weather was wonderful, so I was able to spend some brief time between delivering sessions on the beach.
It was really good to travel again, and it felt mostly normal to do so. Here's hoping this becomes a regular thing again for us all.
This week, the product team has a request. There’s a new survey available for the Incident Update Trigger.
Here’s the message:
This year we introduced Automation Rules which allow running actions (modify incident properties or run a playbook) when an incident is created. We are planning for an upcoming feature to allow automation rules to be triggered on incident updates.
This feature has multiple use cases. We want to focus on those that matter the most to our users. Please share with us your use cases for this feature. Please be as detailed as possible.
Participate here: https://cda.ms/329
One last thing…Microsoft Ignite is almost upon us. Prepare yourself for some product announcements and feature updates. That is all.
Thanks everyone for your continued interest in Azure Sentinel!
We’ll talk next week…
-Rod

Stuff to Read
Azure Sentinel Internals: Incidents |
(Solution) Azure Sentinel - Caller is Missing Required Playbook Triggering Permissions - CHARBEL NEMNOM - MVP | MCT | CCSP - Cloud & CyberSecurity
Multi-Cloud Security Monitoring – Part 3: Google Cloud Platform – Sam's Corner
Stuff to Watch/Listen To
Python Crash Course Tutorial - Part 1 - Fundamentals (Azure Sentinel Notebook Edition)
Triggers in Security Automation
Monitoring Azure Sentinel Analytical Rules – Push Health Notifications
Stuff to Have
Sentinel-Queries/Identity-VisualizeGuestDomains.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Sentinel-DetectAccessAddedtoWorkspace.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/LAQuery-UsersvsAutomationQueryStats.kql at main · reprise99/Sentinel-Queries · GitHub
Stuff to Attend
New or Updated Stuff
Automation: Integrate Azure Data Explorer as Long-Term Log Retention for Azure Sentinel/Log Analytics - Microsoft Tech Community
Related Stuff
Kusto, Azure Data Explorer, KQL, Azure Log Analytics, Azure Sentinel
Azure Monitor Logs reference - SecurityDetection | Microsoft Docs
Azure Monitor Log Analytics and Application Insights support for Availability Zones is now generally available in West US 2 | Azure updates | Microsoft Azure
Managing permissions for Log Analytics and Workbooks - MSEndpointMgr
News Stuff
Announcing the Azure Sentinel Hackathon 2021 winners! - Microsoft Tech Community
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.
