It's Friday again and at least one thing holds true today like every week - the newsletter is on the wires.
My wife and my youngest daughter are on their annual girls’ trip to the Upper Peninsula (UP) this week which means a couple things:
- I miss them dearly and have come to the conclusion that everything I do is centered around them.
- I’ve been working way too much. With no one in the house except for the dog and myself, there’s no reason to shut down for the day.
- Due to the stress of missing them and burning the midnight hours, I’ve not slept really well. I’m tired.
I can’t wait for them to return so everything can get back to normal.
This week we have another couple YAMS (Yet Another Microsoft Survey) for you. Has YAMS as an acronym caught on yet? Hmmm…I wonder.
First off, for planning purposes it would be great to get a feeling of your usage of ADX for Sentinel storage.
Planning Feedback: Understanding ADX Usage
If you have data stored in Azure Data Explorer (ADX), we would like to understand your use cases and feedback when it comes to querying data from ADX. This helps us understand your ADX usage and plan the future ADX capabilities with Microsoft Sentinel.
Secondly - and I know this is a big one for a lot of organizations - we’d love to get your feedback on the RBAC req’s for Microsoft Sentinel.
Microsoft Sentinel RBAC Requirements
We are looking to learn more about your experience with the existing Role-Based Access Control (RBAC) capabilities and explore opportunities for improvement. Please share any of your requirements for role or attribute-based access control (R/ABAC) for configuring your Sentinel workspaces, or accessing any of the content (Analytics, Watchlists, Automation Rules, etc.) within it.
And, lastly (yes, there’s one more!) …
Survey on Resiliency and BCDR Options for Microsoft Sentinel
SIEMs are deemed to be mission critical systems that are essential in ensuring that the SOC remains operational in the event of any disruption. While the cloud provides inherent resiliency benefits, and the Microsoft Sentinel service is designed with internal resiliency and failover mechanisms, some Enterprises have expressed a desire to have additional Business Continuity and Disaster Recovery (BCDR) capabilities to increase resiliency.
Given that Enterprises have varying BCDR objectives and have to strike a balance between (residual) risk, deployment complexity and cost - we would like to gather your feedback on what BCDR means to you, what is lacking, and how we can do better.
Among all the myriad of cool things that the Must Learn KQL series has birthed, there’s now also a Community Discussion board available. So, in addition to chatting with me for KQL questions on Twitter, you can now also hit up the Must Learn KQL community.
Well, that’s it for me this week. I’d say I was looking forward to the weekend but that still means there’s 3 days left before my wife comes home. I’ll make it. I’m sure of it.