Microsoft Sentinel this Week - Issue #70

By Rod Trent • Issue #70
Happy Friday everyone! I hope your week was good.
First off, I want to apologize for the newsletter snafu last week. I was off in Ohio Amish land and watched - like many of you - the newsletter get delivered, but then none of the article links worked. The service I use for the weekly newsletters had DNS issues.
DNS. It’s always DNS!
The service was restored by Monday, and nothing was lost (thank goodness), so if you skipped over last week’s newsletter content it’s safe to go back and click on things.
This week, we have a couple YAMS (yet another Microsoft survey) for your participation enjoyment.
1. Threat Intelligence Content and Consumption Survey
The purpose of this form is to gather feedback on the types of threat intelligence reporting that our community is most interested in receiving in terms of both content and format. The questions are geared towards organizations that have individuals formally in threat intelligence analyst roles. 
Participate in the survey here:
2. Help Us Prioritize OT and ICS Connectors for Microsoft Sentinel
With attacks targeting Operational Technology (OT) and Industrial Control Systems (ICS) environments increasing exponentially, we are focusing on developing connectors to bring their security data into Microsoft Sentinel. Our goal is to help you enhance your security monitoring, detection, and proactive threat hunting capabilities. 
In this survey we have a list of vendors, and some of their products, for which we are considering building connectors for Microsoft Sentinel. Your response to this survey will help us gauge which connectors would be the most useful for our customers, and thus help us prioritize our work.
Participate in the survey here:
Have you been following Microsoft SIEM and XDR on Twitter? Or more specifically, @MSThreatProtect?
Well, you can stop following it, or - for those not following it already - just forget I even mentioned it.
There are a little over 11,000 followers of that account. It’s not been very active, and a note just this month indicates that the account will be shutting down.
Instead, you can follow the consolidated account, @msftsecurity for SIEM and XDR content.
I’m on a mission this fiscal year. That mission (and I’ve already chosen to accept it) is to locate non-security conferences at which to speak about security. Security is top-of-mind for everyone, but a lot of times it just seems the effort to get the environment where it needs to be while maintaining the current workload is overwhelming. I’m looking to help with that by delivering useful, helpful guidance that can be easily consumed in chunks.
You can help me. If you know of existing non-security technical conferences, please reach out and let me know about them.
Let me know either over Twitter (@rodtrent) or over LinkedIn (
Thanks all for your continued support and dedication to this community!
Talk soon…

Stuff to Read
Microsoft Sentinel Automation Tips & Tricks – Part 3: Send email notification options - Microsoft Tech Community
How to: Automate On-Premises AD Users to Microsoft Sentinel Watchlist - Azure Cloud & AI Domain Blog
Integrate Microsoft Sentinel and Microsoft Defender for IoT | Microsoft Docs
Extract Microsoft Sentinel MITRE information to CSV file – Yet Another Security Blog
What can Microsoft Sentinel do for you and your company's security? - Dynamic People
Stuff That's New or Updated
Microsoft Sentinel Solution for Dynamics 365 News – New OOB analytics rules templates available now!
Microsoft 365 Defender integration with Microsoft Sentinel
Incident update trigger for automation rules (Preview)
Sentinel OT SOC | Solution Release 1.0.13 - Microsoft Tech Community
Azure Monitor Logs reference - Anomalies | Microsoft Docs
MSTICPy 2.0 - new capabilities for Sentinel Notebooks
Stuff That's Related
Logic Apps for Everyone - A complete guide for anyone!
The Total Economic Impact of Microsoft cloud solutions for CMMC Compliance - Microsoft Tech Community
Stuff from Partners
Binary Defense adds Microsoft Sentinel deployment and management to its Managed Security Services | Binary Defense
Stuff to Have
GitHub - Accelerynt-Security/AS-PagerDuty-Integration: Integrates Microsoft Sentinel with PagerDuty
KQL_Intune/Device-VisualizeTheJoinType.kql at main · ugurkocde/KQL_Intune · GitHub
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.
