View profile

Microsoft Sentinel this Week - Issue #55

Microsoft Sentinel this Week
Microsoft Sentinel this Week - Issue #55
By Rod Trent • Issue #55 • View online
Good day, all! And happy Friday!
It’s been a packed week for me here and I’m definitely looking forward to the weekend ahead.
I have a couple big things to highlight this week. So, bear with me for a minute before I leave you to this week’s newsletter content.
First off, we’ve kicked off the annual Microsoft Sentinel Hackathon! This is an awesome event that allows many of you to participate and share the good things you’ve accomplished with the Sentinel community at large.
This is the 3rd straight year for this event and each year has seen really excellent contributions. So, if you’ve created something over the past year that has delivered on efficiency and value for your own organization, consider participating in the Hackathon. And, for the rest of you, this is your opportunity to take that idea you’ve had for a long while and do something with it.
And, btw, there’s prizes!
  • First Place (1) - $10,000 USD cash prize 
  • Second Place (1) - $4000 USD cash prize
  • Runners Up (2) - $1500 USD cash prize each 
  • Popular Choice (1) - $1000 USD cash prize
I’ve heard from many of you who have daily workloads that are immense, making your opportunities for learning just an extra task. So, long blog posts, Microsoft Learn modules, and webinars just don’t fit into your schedule.
So, I’ve been mulling over how best to approach that for a while. Everyone needs the opportunity to learn and grow. So, for that reason this week I’ve launched a new series of video shorts called Rodcasts.
The name may sound silly, but there was actually quite a discussion about it when I originally wanted to call the series “Snuggies.” Snuggies was intended to be a word combination of Security Nuggets. But, as naive (apparently) as I am, I quickly found that the word snuggies has been taken over by some other definition in various parts of the globe. So, that was out.
Then, I finally figured that I couldn’t go wrong just using my own name as part of it and using a play on words. So, Rodcasts was born.
Rodcasts - or Security Rodcasts - are bite-sized nuggets of security information. The videos are around a minute or less long and focus on one very specific tip, trick, or new security feature. My intent is to deliver at least two of these a week.
Each episode will premiere on YouTube, but will also be available on TikTok and Instagram.
Check out the Security RodCasts Playlist on YouTube when you get a chance. There’s already a couple available. Happy to hear your thoughts, suggestions, and comments.
Each week I’m amazed at how much bigger this newsletter’s reach grows. Thanks all for your continued support of this community!
Talk soon.
-Rod

Stuff to Read
How to Quickly Tell Which Microsoft Sentinel Tables are Configured as Basic Logs – Azure Cloud & AI Domain Blog
Automate your Sentinel incident triage | by Koos Goossens | Wortell | Mar, 2022 | Medium
Configuring Amazon SQS queues using terraform - DEV Community
Store Microsoft Sentinel Logs via Azure Data Explorer | StarWind Blog
Accelerate Compliance with Microsoft Security - CHARBEL NEMNOM - MVP | MCT | CCSP - Cloud & CyberSecurity
Microsoft 365 TechTalk: Microsoft Sentinel for Teams
Analyzing publicly exposed AWS S3 Honey Bucket Logs using MSTICPy | by Ashwin Patil | MSTIC | Mar, 2022 | Medium
Introducing a New Series Called Security Rodcasts – Azure Cloud & AI Domain Blog
Stuff to Watch/Listen To
How to create custom ASIM parsers for your log sources
Getting Started with KQL
Keeping Your Microsoft Sentinel Solutions Updated
Use Watchlist to Manage Alerts, Reduce Alert Fatigue, and Improve SOC Efficiency
Understanding your MITRE ATT&CK coverage | Microsoft Sentinel in the Field #6
Better Together: Microsoft Sentinel - IT/OT Threat Monitoring with Defender for IoT Solution
The Microsoft Security Insights Podcast is Coming to Microsoft Reactor – Azure Cloud & AI Domain Blog
KQL Cafe | Session 3 | Guest: Matt Lowe | March 2022
What Analytics Should I Use - Microsoft Sentinel
Stuff to Attend
Stuff That's New or Updated
Microsoft Sentinel Ninja Training - the March 2022 update - Microsoft Tech Community
Stuff That's Related
Monitor Azure Data Explorer ingestion, commands, and queries using diagnostic logs | Microsoft Docs
Azure Monitor Alert Reports with Azure Resource Graph - CloudSMA
Stuff from Partners
Logicalis | Logicalis awarded multiple Microsoft Security Advanced Specialisations
Stuff to Have
Sentinel-Queries/OfficeActivity-MultipleFilesSharedtoGuests.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Audit-NamedLocationsChanged.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/OfficeActivity-CalculateTimetoDetectMalware.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Identity-UserTryingtoAccessMultipleApps.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/Identity-ConditionalAccessMostFailures.kql at main · reprise99/Sentinel-Queries · GitHub
Sentinel-Queries/OfficeActivity-FindUserswhoDownloadedMalware.kql at main · reprise99/Sentinel-Queries · GitHub
Did you enjoy this issue?
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue