View profile

Microsoft Sentinel this Week - Issue #38

Microsoft Sentinel this Week
Microsoft Sentinel this Week - Issue #38
By Rod Trent • Issue #38 • View online
Happy Friday all! As we embark on issue and week #38 of our weekly time together, I’m reminded of what time of year it is. This time of year is my favorite. Sure, it gets cold here where I live in Ohio, but the warmth of family and friends abounds during the holiday season. I hope you, too, are in a place where you can be hopeful and excited about spending idle moments with loved ones. And, in some small way, I hope you also enjoy spending time with all of us in this Microsoft Sentinel community.
Speaking of community, I know many of you know me only through my efforts at Microsoft, through this newsletter, or through the security community at large, but my career started long ago. I’ve been blessed to be part of many large and vibrant communities - some of which I actually led and managed.
An old friend of mine from those early communities, Tim Flower, reached out recently in his role at his current company Nexthink. Tim wanted to sit down and reminisce about those old days and then talk about how those reflections still might matter today in this era. So, we did that. And, of course, as is the day we live in, we recorded it. What resulted was a fun and reflective time. And, I surprised myself in that it gave me an opportunity to work out in my head some issues with today’s communities that I’ve been harboring. I think you’ll enjoy it.
So, hey - it wouldn’t be an issue of this newsletter without a little ask from the product team from all of you. So, there’s two asks this issue…
First, one of my colleagues is working to enhance the Microsoft Sentinel ingestion calculator. This is a popular tool for many customers and Microsoft field folks alike and any improvements to it are always welcome.
There’s a short survey available where you can supply your suggestions to help drive this improvement. You can participate here: Sentinel ingestion calculator survey
The second ask again comes from the product group, but this time in relation to the recently announced Deception (Honeytokens) Solution.
We want to drive awareness around this. Here’s some links to get you started if you’re not already aware of this valuable offering:
And, of course, once you’ve had time to look at it, we have a feedback form that delivers directly to the product team: Feedback: HoneyTokens Preview
That’s just about it from me for this week, folks. It’s been a while since I’ve talked about how quickly this community is growing, so maybe I’ll dig into that next issue. The short story is that we’re continuing to see significant growth here and across the entire Microsoft Sentinel community. It’s truly amazing.
But there’s always room for more. I’m sure many of you know colleagues that would love to join us. If that’s the case, send them this newsletter issue and invite them to come participate.
Have a wonderful week!

Stuff to Read
How to use Microsoft Sentinel Near Real Time detections - Microsoft Tech Community
Detecting NTLM Relay Attacks. It is possible to detect NTLM relaying… | by Mehmet Ergene | Nov, 2021 | Medium
Protect Teams with Microsoft Sentinel - Part 3 |
Blogpost: Sentinel RBAC options – Cloudblogger
Passing the Microsoft Sentinel Ninja Training - CHARBEL NEMNOM - MVP | MCT | CCSP - Cloud & CyberSecurity
Automate more with 200+ OOTB playbooks - Microsoft Tech Community
Azure Sentinel Parse Symantec EDR Logs
Protecting Federal Information Systems with the Microsoft Insider Risk Management Solution - Microsoft Tech Community
Microsoft Sentinel - geo Location
Stuff to Watch/Listen To
Microsoft Security Insights Podcast - microsoftsecurityinsights on Twitch
Decrease Your SOC’s MTTR by Integrating Microsoft Sentinel with Microsoft Teams
Microsoft Sentinel Threat Hunting Deep Dive
Azure Sentinel Introduction and Walkthrough of Resources
Azure Sentinel webinar: Tackling identity
Microsoft Defender Services Names
For each and Condition checks in Security Automation
Stuff to Have
GitHub - David-Summers/Azure-Design: My Azure stencil collection for Visio. Highly functional and always up to date.
SentinelKQL/UsersConnectFromMultipleCity.txt at master · rod-trent/SentinelKQL · GitHub
GitHub - eshlomo1/Azure-Sentinel-4-SecOps: Azure Sentinel 4 SecOps
Sentinel-Queries/Function-IdentityInfowithSigninRisk.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Heartbeat-VisualizeDistinctComputersperMonth.kql at main · reprise99/Sentinel-Queries · GitHub
SentinelKQL/NewAdmins.txt at master · rod-trent/SentinelKQL · GitHub
SentinelKQL/MimiKatzDetection.txt at master · rod-trent/SentinelKQL · GitHub
Sentinel-Queries/Identity-RiskEventfollowedbyMFAchanges.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Heartbeat-NoHeartbeatinTimeframe.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Identity-GuestsInvitedbutnotRedeemed.kql at main · reprise99/Sentinel-Queries · GitHub
SentinelKQL/RulesRuninLast30d.txt at master · rod-trent/SentinelKQL · GitHub
Stuff to Attend
Rod Trent – AVD Tech Fest 2021
Get Smart with Data ingestion & Retention in Azure Sentinel | Meetup
New and Updated Stuff
Learning with the Microsoft Sentinel Training Lab - Microsoft Tech Community
Azure Sentinel Notebooks Ninja Part 3: Overview of the Pre-built Notebooks - the Grand List - Microsoft Tech Community
What’s new: Microsoft Sentinel Deception Solution
Hunt with MITRE ATT&CK techniques using refreshed hunting dashboard - Microsoft Tech Community
Enable Continuous Deployment Natively with Microsoft Sentinel Repositories! - Microsoft Tech Community
Customize your hunting experience with MITRE ATT&CK techniques and more entity types - Microsoft Tech Community
Design your Azure Sentinel workspace architecture | Microsoft Docs
Related Stuff
Azure Monitor - Log Analytics (part 1 of 4)
Kerberoast with OpSec | Microsoft 365 Security
Partner Stuff
Dark Reading | Security | Protect The Business - Enable Access
Softline nominated to Microsoft Intelligent Security Association – India Education | Latest Education News | Global Educational News | Recent Educational News
News Stuff
Rudin Management proactively safeguards operational networks with Microsoft Defender for IoT
Did you enjoy this issue?
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue