Microsoft Sentinel this Week - Issue #40

By Rod Trent • Issue #40
Happy Friday everyone and welcome to Issue #40 (and week #40) of this newsletter! This is going to be one of those really quick newsletter intros. As I noted in the last newsletter, it was uncertain whether this issue would go out at all, because of the US Thanksgiving holiday and my taking time off from work. However, there was some significant content released this past week that is worth knowing about, so I just couldn't let it pass.
I’m still taking today off from work, though not enjoying it as much as I could due to catching a head cold. That’s the catch-22 for this time of year in my area of the world. It was wonderful to have my four kids, their spouses, and my grandbaby all in one house yesterday, but I felt lousy at the same time. Today, I’m still struggling with the cold, but it’s getting better. I imagine by the time work starts up again for me on Monday, I’ll be just fine.
Getting a cold isn't a fun prospect, but it's much less fun as an adult than as a kid. I can remember the days growing up when I was home from school being waited on hand and foot by my mom, eating saltine crackers and Jell-O all day and stuck watching episodes of The Price is Right.
This past week my wife and I babysat our grandbaby each day. He’s where my cold came from, so it was all worth it.
One quick thing I want to highlight this week before I bid you adieu: as part of my Must Learn KQL blog series I mentioned that we're also working on delivering even more learning content around KQL. A piece of that learning showed up this past week in an official Learn module called Write your first query with Kusto Query Language.
The module has 11 units and should take right around 40 minutes to complete. It promises to help you write your first query and learn how to use the operators count, take, project, where, sort, and others.
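To give a feel for what those operators do in a Sentinel workspace, here is an added example of my own (it is not taken from the Learn module or from the Must Learn KQL series). It assumes the standard SigninLogs table that the Azure AD sign-in connector populates; the column names are the ones that connector writes, while the one-day window and the 10-row cap are just assumptions for illustration.

```kql
// Added example, not from the Learn module. Assumes the SigninLogs table
// from the Azure AD sign-in connector. ResultType "0" means a successful
// sign-in; any other value is a failure.

// Query 1: how many failed sign-ins happened in the last day?
// (where narrows the rows, count returns a single row with the total)
SigninLogs
| where TimeGenerated > ago(1d)
| where ResultType != "0"
| count

// Query 2: which accounts are failing most, and from how many source IPs?
// (project keeps only the columns we need, summarize aggregates per user,
//  sort orders the result, take caps it at 10 rows)
SigninLogs
| where TimeGenerated > ago(1d)
| where ResultType != "0"
| project TimeGenerated, UserPrincipalName, IPAddress, ResultType, ResultDescription
| summarize FailedCount = count(), DistinctIPs = dcount(IPAddress) by UserPrincipalName
| sort by FailedCount desc
| take 10
```

In the Logs blade the two queries are separated by a blank line, so put the cursor in the one you want and click Run; the editor executes only that query. A user with a high FailedCount and a high DistinctIPs is a much stronger password-spray signal than a high FailedCount alone, which is usually just a stale saved credential retrying from one address.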
I’ve not gone through the module myself yet, but plan to do that early next week.
I’ve also determined that once my Must Learn KQL series is complete, I’m going to turn it into an actual book. You’ll be able to obtain the book for free from the GitHub repository and Amazon.
Speaking of books, I signed off on my bio for tech editing the upcoming Microsoft Sentinel in Action book that's due out around February. This is a very good indicator that the book is on target for the proposed release date.
This will be an excellent resource for anyone wanting a Microsoft Sentinel walkthrough and needing to go deeper with the product. I'm sure there are plenty of folks on your Christmas list (might even be you) for whom this book will be a big benefit and a beloved gift. Plus, if you order it now for that special someone, you've ticked one more recipient off your list and won't have to worry about the last-minute rush.
Incidentally, the book page still says “Azure Sentinel” but the book’s title when released will be updated with the new “Microsoft Sentinel” nomenclature.
Again, I promised a short intro this week and I’m sticking to it. Plus, I need to get back to resting so this cold can work itself out.
Have an awesome weekend everyone! Talk soon.
-Rod

Stuff to Read
Must Learn KQL Part 3: Workflow – Azure Cloud & AI Domain Blog
Must Learn KQL Part 4: Search for Fun and Profit – Azure Cloud & AI Domain Blog
Detecting multistage attacks in Microsoft Sentinel | Microsoft Sentinel 101
Azure Sentinel Threat Intelligence API - Notes of Azure Security + Governance
Threat Hunting AWS CloudTrail with Sentinel: Part 1 - Binary Defense
Investigating Suspicious Azure Activity with Microsoft Sentinel - Microsoft Tech Community
How to Manually Reset the Remediation Policy when Microsoft Sentinel Azure Activity Connector Shows Not Connected – Azure Cloud & AI Domain Blog
Hunt for Guests inviting other guests with Microsoft Sentinel | Thoor.tech
Stuff to Watch/Listen To
Deploy and monitor Azure Key Vault honeytokens with Microsoft Sentinel
Everything You Ever Wanted to Know About Using the New Azure Monitor Agent with Microsoft Sentinel
Create Your Own Microsoft Sentinel Solutions
Stuff to Have
Sentinel-Queries/Identity-VisualizePasswordvsPasswordless.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/DnsEvents-FindStaleDomains.kql at main · reprise99/Sentinel-Queries · GitHub
Unpacking parameters to detect suspicious terms in new Exchange Inbox Rules · GitHub
Sentinel-Queries/Device-PowerShellExecutionModeChanged.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Audit-DailySummaryofAdminActivity.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/IP-LabelDowngradeThenCopytoUSB.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Device-VisualizeVolumeofDataCopiedtoUSB.kql at main · reprise99/Sentinel-Queries · GitHub
GitHub - reprise99/Sentinel-Queries: Collection of KQL queries
Stuff to Attend
Integrating the Security Monitoring MP into Microsoft Sentinel - SCOMathon
Join us at InfoSec Jupyterthon 2021 - Microsoft Security Blog
New and Updated Stuff
Microsoft Sentinel - SAP continuous threat monitoring with UEBA entity pages - Microsoft Tech Community
Related Stuff
Microsoft’s DART ransomware approach and best practices | Microsoft Docs
Incident response planning | Microsoft Docs
Partner Stuff
Q&A: Building a CSOC on Microsoft security technologies
Quorum bases its Cyber One solution on Microsoft Sentinel, easing and lifting security for customers like CountPlus
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.