
Microsoft Sentinel this Week - Issue #45

By Rod Trent • Issue #45 • View online
Good day all! As we embark on the 45th issue of this glorious newsletter, I hope you are all happy and healthy and already finding ways to enjoy 2022.
Just a couple quick callouts this week.
First off, the MSTICPY team has come of age and joined the modern ranks. The team is now boasting its own Twitter account. This is where you’ll find news and views about the open-source library for InfoSec investigation and hunting in Jupyter Notebooks and Python. If you’re a Twitter user and need a new account to follow, follow MSTICPY here: https://cda.ms/3Gm
Secondly, we’re pretty proud of another recent accolade. Microsoft Sentinel has been listed as a leader in the KuppingerCole Leadership Compass for SIEM.
“Sentinel offers an unprecedented degree of efficiency and ease of deployment compared to any competing SIEM solution, even the SaaS-based ones.”
You can read through the preview report here: https://cda.ms/3Gp
Interestingly, one of the “challenges” listed in this report is based on on-premises operability - or rather, a SIEM that has an on-premises presence like many of our competitors. We’re working on that, though. I mentioned sometime back about a Hybrid Sentinel offering (see: https://aka.ms/SentinelHybrid ). We’re still working on this and hope to make it an official Solution in the Content Hub soon.
Thanks again to everyone for the continued readership of this newsletter. And also, thanks to everyone who takes the extra step to share this resource with their friends and colleagues. This community continues growing by leaps and bounds and it is absolutely because of your hard work.
Talk soon.
-Rod

Stuff to Read
Must Learn KQL Part 13: The Extend Operator – Azure Cloud & AI Domain Blog
Must Learn KQL Part 14: The Project Operator – Azure Cloud & AI Domain Blog
An Analytics Rule to Report on Analytics Rules in Microsoft Sentinel – Azure Cloud & AI Domain Blog
How to Enable Health Monitoring for Microsoft Sentinel – Azure Cloud & AI Domain Blog
How to Use Office 365 Audit Data with Microsoft Sentinel
Stuff to Watch/Listen To
Managing Microsoft Sentinel using GIT repositories
Deploy and Monitor Azure Key Vault Honeytokens with Microsoft Sentinel
Stuff to Attend
Prepare for Battle – Kill Teams bad actors in their tracks using the power of Microsoft Sentinel – Security Sentinel
Stuff That's New or Updated
Single Sign On Support for authentication in Microsoft Sentinel Notebooks - Microsoft Tech Community
Stuff That's Related
Generally available: Azure Monitor log alerts new version | Azure updates | Microsoft Azure
Learn about 4 approaches to comprehensive security that help leaders be fearless - Microsoft Security Blog
Stuff from Partners
Continuous Threat Monitoring for Dynamics 365 – 365lyf.com
Stuff to Have
Sentinel-Queries/Device-DetectCertUtilConnectingExternally.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Identity-SummarizeConditionalAccessPoliciesfailures.kql at main · reprise99/Sentinel-Queries · GitHub
SentinelKQL/UnsuccessfulRulesinLast24.txt at master · rod-trent/SentinelKQL · GitHub
Sentinel-Queries/Identity-ServicePrincipalSigninErrors.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Device-PowershellConnectingtoInternet.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Identity-ConditionalAccessPoliciesNotinUse.kql at main · reprise99/Sentinel-Queries · GitHub
Stuff from the News
Intelligent SIEM Platforms | KuppingerCole
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.