Happy Friday everyone! Thanks to everyone that’s been here for a while and welcome to all the new subscribers this week.
Before getting into the content of the newsletter, there’s a few things to highlight…
First off, we have a couple YAMS (yet another Microsoft survey). It’s getting near the end of the fiscal year at Microsoft, so expect a few more of these to filter through in the coming weeks as planning for product features and enhancements commences. Not that Sentinel isn’t already in a continual update cycle, just that there’s some decision points that need to be made and we need your help to decide where to focus.
The first one is focused on the Out-of-the-box Content that Microsoft Sentinel provides.
Microsoft Sentinel provides more than 100+ Solutions, 190+ data connectors and thousands of individual contents (workbooks, playbooks, watchlist, hunting queries, analytics rules etc.) available out of the box.
Your feedback will help us better understand the content that is most useful to you and will help your experience with the product.
The second one, is about the URL detonation feature.
Security operations center (SOC) analysts constantly face the challenge of determining where to focus. URL detonation in Microsoft Sentinel provides insights that can enable SOC analysts to triage alerts faster. For example, logs ingested by Microsoft Sentinel can contain URLs. For alerts that include a URL (e.g., a URL visited by a user from within the corporate network), that URL can be automatically detonated to gain added insight that can help accelerate the triage process.
We are looking to better understand how you utilize the URL detonation feature for your investigation efforts and how we can improve the capability.
Well, we made it. Myself and my colleagues kicked off the inaugural episode of the Microsoft Security Insights show on Microsoft Reactor Wednesday evening. The show was a good one. Some of you showed up for the live event and provided commentary and questions. I hope you enjoyed listening and watching.
For those that missed it, the replay is available now. With Matt Soseman as our guest, the conversation turned to the obvious topics of Zero Trust and Identity security. Each time I talk to Matt, I feel like I’m smarter afterward. And I know you’ll feel that way, too.
And you can prepare now for our next Microsoft Reactor episode on May 25th when our good friend and Microsoft Sentinel PM, Jing Nghik will be on.
I have a few other things I wanted to chat about this week, but I’ll save that for next issue as I’m fighting through a head cold as I write this.
Have a great week, everyone!