Microsoft Sentinel this Week - Issue #47
By Rod Trent • Issue #47
Good day and happy Friday all you Microsoft Sentinel fans! Welcome to week and issue 47 of our weekly time together.
I want to take a quick second to welcome all the new subscribers this week. Thanks for joining us on our journey. I hope this newsletter meets your expectations, and welcome to the community. You join a throng of a few thousand other newsletter readers, so know that you’re in good company.
Last week, during Microsoft’s financial reporting, it was noted that Microsoft Sentinel is currently being used by over 15,000 customers. That really warms my heart. That is a significant number. And while this newsletter doesn’t yet reach everyone, I’d say we have a great sampling.
A couple of fantastically gifted colleagues of mine, Trevor Stuart and Joe Anich, are writing a book for Packt Publishing covering the topics necessary to pass the SC-200 exam. For those who have not passed this exam already, this will be a must-have reference.
The book is available for pre-order and will be released in May.
That’s it for me this week. I joined a new team this past week, which means I’ll have new opportunities to spread the Sentinel love. There are already plans in place, and I’ll be able to share those, and how you can participate in them, in the near future.
As always: don’t keep good things to yourself! If you love this newsletter, share it with someone. Forward the inbox version to a colleague or send them the link to sign up.
Have a great weekend folks!
Talk soon…
-Rod

Stuff to Read
How to Monitor the Microsoft Sentinel Trial Period – Azure Cloud & AI Domain Blog
Must Learn KQL Part 17: The Let Statement – Azure Cloud & AI Domain Blog
Current support for the Azure Monitor agent with other Azure services.
Cloud-Architekt.net | Monitoring of GitHub Enterprise with Microsoft Sentinel
Optimize your Microsoft Sentinel pricing | by Koos Goossens | Feb, 2022 | Medium
Simulate and Validate CEF Logs to Microsoft Sentinel - CHARBEL NEMNOM - MVP | MCT | CCSP - Cloud & CyberSecurity
Updating Microsoft Sentinel Solutions Creates Duplicates – Azure Cloud & AI Domain Blog
Hunt for PwnKit CVE with Sentinel
Ubiquiti UniFi with Microsoft Sentinel | Thoor.tech
Azure policy initiatives for Microsoft Defender for Cloud and Microsoft Sentinel workload protections – blog.johnjoyner.net
Stuff to Watch/Listen To
Deception in Microsoft Sentinel - Microsoft Sentinel in the Field #3
KQL Cafe | Session 1 | Guest: Rod Trent | January 2022
Stuff to Attend
KQL from down under | Meetup
Ask the product experts live: Azure Monitor Log Analytics - Microsoft Tech Community
Ask the product experts live: Azure Network Security - Microsoft Tech Community
Stuff That's New or Updated
Generally available: Improved Syslog RFC compliance using the new Azure Monitor agent | Azure updates | Microsoft Azure
Microsoft Sentinel – continuous threat monitoring for GitHub - Microsoft Tech Community
The Codeless Connector Platform - Microsoft Tech Community
Create a codeless connector for Microsoft Sentinel | Microsoft Docs
Microsoft Sentinel Now Supports MITRE Techniques – Azure Cloud & AI Domain Blog
PowerBI and Microsoft Project Connectors for Microsoft Sentinel Now in Public Preview – Azure Cloud & AI Domain Blog
Stuff That's Related
Generally available: Azure Monitor diagnostic settings for Azure Storage | Azure updates | Microsoft Azure
Generally available: Azure Monitor agent extension support for automatic upgrade extension feature | Azure updates | Microsoft Azure
Public preview: Execute Azure Monitor Logs connector on an exact time range | Azure updates | Microsoft Azure
The evolution of a Mac trojan: UpdateAgent’s progression - Microsoft Security Blog
Stuff from Partners
Tiberium Tops off Four-fold Growth in Customer Base With Invitation to Join Microsoft MISA
Stuff from the News
Microsoft Sentinel adds threat monitoring for GitHub repos
Doing supply chain differently: strategies to support production
Microsoft launches Modern Log Management Program to help federal agencies accelerate Cyber EO compliance - Microsoft in Business Blogs
Stuff to Have
GitHub - sreedharande/Microsoft-Sentinel-As-A-Code: Export Microsoft Sentinel artifacts like Analytical Rules, Hunting Queries, Workbooks in order to support new feature Repositories CI/CD Pipeline
OKTA Detections
Sentinel-Queries/OAuth-SummarizePermissionGrantedtoApps.kql at main · reprise99/Sentinel-Queries · GitHub
Microsoft-Sentinel-4-SecOps/Okta-Security-Event.md at master · eshlomo1/Microsoft-Sentinel-4-SecOps · GitHub
Sentinel-Queries/OAuth-ApporDelegatedAccessGranted.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/OAuth-InactiveServicePrincipalswithPrivilege.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/OAuth-FirstTimeAppConsent.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Data-CalculateTableSizeChanges.kql at main · reprise99/Sentinel-Queries · GitHub
The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.