Microsoft Sentinel this Week - Issue #69

By Rod Trent • Issue #69
Hi, all! Happy Friday!
It’s been a wonderful week here at Trent Manor. As you know from past newsletters, I’ve been taking time off the past week to enjoy friends and family. It started with a head cold, so it definitely had no way to go but up.
There are a couple things to highlight about this past week before I leave you to the newsletter content.
First off, we didn’t make a big deal about it, but the Logic Apps Standard integration into Microsoft Sentinel is now in General Availability (GA).
For more information about this, why it’s important, and how it might impact you, see the following:
Lastly, as there’s so much focus recently on certifications and certification renewals - particularly for those of us who are still waiting for our SC-100 beta results <groan> - here’s something I thought would be beneficial to us all.
We are inviting everyone to participate in the annual IT Skills and Salary Survey led by Skillsoft. Think about it: how has Microsoft training and certification impacted your career?
Survey is here:
I’ll be back in the office and completely active next week (after clearing out my awaiting email inbox). I’m looking forward to how this newsletter and community will grow in the next Microsoft fiscal year. Thanks so much for being part of this ongoing effort and thanks for being such stalwarts for Microsoft security.
Talk soon.

Stuff to Read
Microsoft Sentinel Automation Tips & Tricks – Part 1: Automation rules - Microsoft Tech Community
Alert When Microsoft Sentinel Daily Ingestion Reaches a Threshold - Azure Cloud & AI Domain Blog
Become a Microsoft Sentinel Automation Ninja! - Microsoft Tech Community
Microsoft Sentinel: Things to know before you start migrate to a new resource group in the same tenant – Sabrina Kay's Blog
Deploying Microsoft Sentinel Threat Monitoring for SAP agent into an AKS/Kubernetes cluster - Microsoft Tech Community
Refer GCP IP Ranges in KQL & Microsoft Sentinel
The TOR IP List for Microsoft Sentinel
Stuff to Watch/Listen To
13.MustLearnKQL: The Extend Operator
Stuff That's New or Updated
Migrate your Microsoft Sentinel alert-trigger playbooks to automation rules | Microsoft Docs
What’s new: Centrally manage automated response to alerts with automation rules - Microsoft Tech Community
Stuff That's Related
How to create API connection (Logic App consumption) using ARM REST API - Microsoft Tech Community
Public preview: Migration tools for Azure Monitor Agent | Azure updates | Microsoft Azure
Stuff from Partners
Arista NDR for Microsoft Sentinel
Stuff to Have
Microsoft Defender for Identity Workbook for Microsoft Sentinel
Microsoft-Sentinel-Queries/SuddenSpikeInDataIngestion.kql at main · le0li9ht/Microsoft-Sentinel-Queries · GitHub
Sentinel/security-alert-mdi-samr.kql at 0afe5a272161cfc794815c4dcd586f6756e2ccd1 · Jaekk0/Sentinel · GitHub
KQL_Intune/Device-VisualizeNumberofDeviceswithdifferentSKU.kql at main · ugurkocde/KQL_Intune · GitHub
KQL_Intune/Audit-WipedDevices.kql at main · ugurkocde/KQL_Intune · GitHub
KQL_Intune/Device-ListofallDevicesthatwhereaddedtoIntunewithOSPlatforminformation.kql at main · ugurkocde/KQL_Intune · GitHub
KQL_Intune/Device-LastTimeTheDeviceWasActive.kql at main · ugurkocde/KQL_Intune · GitHub
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.
