Microsoft Sentinel this Week - Issue #51

Microsoft Sentinel this Week
By Rod Trent • Issue #51
Hi, all! Welcome to this edition of Microsoft Sentinel this Week. As we embark on issue and week #51, we reached another milestone this past week. This newsletter’s subscriber numbers surpassed another 1,000 subscribers. That’s absolutely amazing to me and so happy to be on this journey together with all of you.
Despite a week filled with new Sentinel features announced and released, I do have one piece of interest to highlight this week. The product team is interested in hearing your thoughts about using Microsoft Sentinel for compliance monitoring.
The purpose of this survey is to learn more about your compliance needs within Microsoft Sentinel. We are working to improve compliance content within Microsoft Sentinel and will use the information you provide to make decisions regarding the inclusion of new features and capabilities.
This survey is focused on your compliance needs, regulatory requirements and how you fulfill them using Microsoft Sentinel.
If you have the time, please visit the following link to supply your thoughts and comments:
Your engagement is truly appreciated!
I’m a bit rushed this week. I have several speaking engagements coming up in the next few weeks (months actually), with one starting tonight. So, I’m head-down trying to finalize my slide deck and my thoughts. To start, I’m delivering a session for the Minneapolis Azure User Group. It’s a bit too weird to me to be delivering something other than a Microsoft Sentinel session, as this one is all about KQL. But, for those who have been following along in this community for any length of time, you know my love for KQL. So, it should be fun.
So, with that…I leave you to this week’s newsletter content.
Stay safe everyone! Talk soon.

Stuff to Read
Protecting Microsoft Teams with Microsoft Sentinel 
Configure a continuous data pipeline in Microsoft Sentinel for big data analytics! - Microsoft Tech Community
Behind the Scenes: The ML Approach for Detecting Advanced Multistage Attacks with Sentinel Fusion - Microsoft Tech Community
Creating effective NRT detections in Microsoft Sentinel - Microsoft Tech Community
Detecting malware kill chains with Defender and Microsoft Sentinel – Microsoft Sentinel 101
Raise your threat-hunting game with Citrix Analytics for Security and Microsoft Sentinel
See MS Sentinel workbooks when logging into the portal – Yet Another Security Blog
Advanced Azure AD Hunting with Microsoft Sentinel - CHARBEL NEMNOM - MVP | MCT | CCSP - Cloud & CyberSecurity
Stuff to Watch/Listen To
Incident Response Procedures with Microsoft Sentinel
8. MustLearnKQL: The Where Operator
Stuff to Attend
Need a central point of analysis for security events? - Implementing and Administering Microsoft Sentinel Video Tutorial | LinkedIn Learning
Stuff That's New or Updated
The Advanced SIEM Information Model (ASIM): Now Built into Microsoft Sentinel
Microsoft Sentinel Advanced Security Information Model (ASIM) parsers overview | Microsoft Docs
Stuff That's Related
Reducing Extra Prompts with the Authentication Prompt Analysis Workbook - Microsoft Tech Community
Blocking Users By Country Using Azure Conditional Access - NI Cyber Guy
MSTICPy January 2022 hackathon highlights - Microsoft Security Blog
Create and Maintain Your Own KQL Demo Environment with the New Start-for-free Cluster – Azure Cloud & AI Domain Blog
Stuff from Partners
Orca Security Now Available in the Microsoft Azure Marketplace | Business Wire
Stuff from the News
Azure Monitor Gets Log Analytics Data Export Capability
Stuff to Have
Sentinel-Queries/Azure-ResourceLockAddedorRemoved.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Identity-VisualizeLegacyAuth.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/SecurityAlert-DefenderforIdParser.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Device-VisualizeRDPClients.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Identity-SummarizeLocationSignins.kql at main · reprise99/Sentinel-Queries · GitHub
Shivammalaviya/UkraineRussia IOCs detection through defender
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.
