
Microsoft Sentinel this Week - Issue #37

By Rod Trent • Issue #37
Welcome everyone to our 37th issue of this newsletter. As you’ll notice, our newsletter got the same rebranding as many of our products this week at Microsoft Ignite.
Among the other name changes, Azure Sentinel has become Microsoft Sentinel, hence our newsletter name adjustment. This was an effort to bring our security services better in line with their actual purpose - and that’s to monitor and secure not just Azure, but anything a customer needs to protect. Sentinel has long been a platform where anything can be connected, whether it’s on-prem or in other clouds. So, I think you’ll agree the name change makes sense. Our last rebranding left some products and services incomplete, and many folks saw the writing on the wall that these remaining services would need to be changed, too.
Here’s the full list…
  • Azure Sentinel => Microsoft Sentinel
  • Azure Defender and Azure Security Center => Microsoft Defender for Cloud
  • Azure Defender for IoT => Microsoft Defender for IoT
  • Microsoft Cloud App Security => Microsoft Defender for Cloud Apps
Incidentally, I delivered a keynote during a partner event yesterday morning and I messed up the new names several times even though I spent hours excruciatingly updating my slide deck. It will take a bit before it becomes muscle memory.
Speaking of Microsoft Ignite, there’s a special Ignite section in this issue of the newsletter, and it’s massive. I highly recommend reading each item. But, if you’re like me and just want a quick update, you can catch up on all the Microsoft Sentinel news in less than 3 minutes with the Security News Now - Microsoft Ignite 2021 Sentinel Edition.
My team here at Microsoft is steadily working on an official, weekly news show. This week we’re providing samples of what’s coming in a couple Ignite specials, including one for Microsoft Defender for Cloud (the new name for Azure Security Center).
As you can tell by the numerous Microsoft Sentinel announcements from Ignite, the product teams are hard at work. But no one wants to work in a vacuum. For that reason, the product teams are constantly looking for customer feedback to help drive new features, enhancements, and product direction. Here are a couple of new surveys this week where you can provide your feedback and have a significant impact on Microsoft Sentinel:
  1. Microsoft Sentinel Notebooks Survey - Jupyter Notebooks are an integral part of the analysts’ toolkit in Microsoft Sentinel. Today, we provide many pre-built notebooks to get you started with your investigation and hunting processes. We are working on the next set of capabilities to take your Notebooks experience to the next level. We would like your feedback on your Notebooks experience to better understand your pain points and the most important scenarios you would like to have notebooks for. This will help us prioritize the notebook content to better fit your security requirements.
  2. Survey on Visualizations, Dashboards and Reporting in Microsoft Sentinel - With the vast amounts of data ingested into Microsoft Sentinel, the ability to do data visualizations, build dashboards, and generate reports is essential for the SOC. With the Workbooks feature today, Microsoft Sentinel users are able to leverage the many default Workbooks provided to explore their data, utilize it for investigations and interactively work with their data. With its flexibility, users are also able to modify the default Workbooks or create entirely new ones for themselves. We would like to gather your feedback on what Visualizations, Dashboarding and Reporting means to you, how Workbooks has fared so far in meeting your needs, and how we can do better.
Virtual Ninja trainings are being planned, but Heike Ritter, Sr. Program Manager at Microsoft, needs your help determining how best to accomplish them - specifically, how often and how long each session should be.
If this interests you, please share your thoughts here.
OK…that’s it from me for this week. There’s plenty to see, read, and discuss in this week’s issue - so I’ll leave you to it!
We’ll talk again next week.

Stuff to Read
Books for Azure Sentinel – Azure Cloud & AI Domain Blog
Who Watches the SOC Team? Enabling Audit/Risk Teams to Monitor the SOC - Microsoft Tech Community
Protect Teams with Azure Sentinel |
Protect Teams with Microsoft Sentinel - Part 2 |
Near-real-time (NRT) Analytics Rules in Microsoft Sentinel – Azure Cloud & AI Domain Blog
Utilize Watchlists to Drive Efficiency During Microsoft Sentinel Investigations - Microsoft Tech Community
Automation Rules inside Azure Sentinel
Hunting for potential network beaconing patterns using Apache Spark via Azure Synapse – Part 1 - Microsoft Tech Community
Stuff to Watch/Listen To
Security News Now - Microsoft Ignite 2021 Sentinel Edition
HTTP Actions in Security Automation
Stuff to Have
SentinelKQL/Windows10LoggedInLast7Days.txt at master · rod-trent/SentinelKQL · GitHub
Sentinel-Queries/Device-DetectInternaltoExternalTeamviewer.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Identity-AdminUpdatingSecurityInfo.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Identity-AppAccessMembersvsGuests.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/OAuth-SummarizeServicePrincipalInactivity.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Identity-SummarizeGuestInactivity.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/SecurityEvent-UnconstrainedDelegationtoUser.kql at main · reprise99/Sentinel-Queries · GitHub
Stuff to Attend
Ignite Stuff
Azure Sentinel near-real-time (NRT) Analytics Rule ARM Template -Microsoft Azure Security Randomness
What's New: Microsoft Sentinel Watchlist Support for ARM Templates! - Microsoft Tech Community
Detection tuning – “Making the tuning process simple - one step at a time.” - Microsoft Tech Community
Introducing Microsoft Sentinel Content hub! - Microsoft Tech Community
Detecting Emerging Threats with Microsoft Sentinel Fusion - Microsoft Tech Community
New and Updated Stuff
Deploy and monitor Azure Key Vault honeytokens with Azure Sentinel | Microsoft Docs
Detect threats quickly with near-real-time (NRT) analytics rules in Azure Sentinel | Microsoft Docs
Manage custom content for Azure Sentinel in your own repository | Microsoft Docs
Plan and manage costs for Azure Sentinel | Microsoft Docs
Best practices for data collection in Azure Sentinel | Microsoft Docs
Best practices for Azure Sentinel | Microsoft Docs
Normalization and the Azure Sentinel Information Model (ASIM) | Microsoft Docs
Understand threat intelligence in Azure Sentinel | Microsoft Docs
Pre-deployment activities and prerequisites for deploying Azure Sentinel
Advanced multistage attack detection in Azure Sentinel | Microsoft Docs
Commonly used Azure Sentinel workbooks | Microsoft Docs
Partner Stuff
Senserva helping customers with Microsoft Sentinel Notebooks - Senserva
Discover what’s new and gain technical expertise from MISA at Ignite - Microsoft Security Blog
archTIS Joins Microsoft Intelligent Security Association
Sonrai Security Joins Microsoft Intelligent Security Association; Sonrai Dig Listed as Preferred Solution on Microsoft Azure Marketplace - Sonrai Security
IronNet Joins Microsoft Intelligent Security Association (MISA) | Business Wire
Apply Least Privilege, Least Access Policy from Azure Sentinel, with insights from Sonrai Dig
Archtis Ltd NC Protect Data Connector now available in Microsoft Azure Marketplace
Related Stuff
Protect your business with Microsoft Security’s comprehensive protection - Microsoft Security Blog
Logic Apps Standard Plan updates in public preview | Azure updates | Microsoft Azure
General availability: Azure Data Explorer Insights | Azure updates | Microsoft Azure
News Stuff
How Microsoft narrows the threat funnel on over 600 billion monthly security events - Inside Track Blog
Moving to next-generation SIEM with Azure Sentinel
Tradewinds adds eSentire MDR to cyber portfolio - Distribution - Security - CRN Australia
Microsoft brings enterprise security to nonprofits and SMBs | VentureBeat
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.
