View profile

Microsoft Sentinel this Week - Issue #72

Microsoft Sentinel this Week
Microsoft Sentinel this Week - Issue #72
By Rod Trent • Issue #72 • View online
Welcome to Friday, folks! We made it!
And, welcome to this issue of the weekly newsletter.
Last week, I mentioned my wife and youngest daughter were on their annual girl’s trip. Thanks to all that reached out to give me some solace on missing them. I was actually pretty surprised by the responses. I guess you really do care!
I’m happy to say they returned safely on Monday, and I’ve had a full week of catching up on sleep.
I want to mention one thing this week. This community is, in part, fueled by the LinkedIn community group. So, if you’re looking for more content than just our weekly time together in this newsletter, you should join the group on LinkedIn. There’s a lot of additional engagement there, including the ability to ask questions and get answers pretty quickly.
LinkedIn community group:
The community group membership continues growing by leaps and bounds so there’s always someone available to engage with.
Lastly - surprise! There’s no YAMS (yet another Microsoft survey) this week. That sort of surprises me, too. But no worries. I’m sure YAMS will be back on track next week.
Talk soon.

One more thing...
Before leaving you to this week’s community content, I thought I’d share something extra cool with all of you that I’m sure you’ll appreciate.
For those familiar, through the Must Learn KQL series ( there’s a merch store with various KQL and Sentinel related items. The “My SOC Doesn’t Suck” shirt (and laptop stickers) have become a staple piece of SWAG for our internal workshops. Here’s a picture from the latest class…
Microsoft Sentinel/KQL Workshop
Microsoft Sentinel/KQL Workshop
All proceeds from the merch store go directly to St. Jude Children’s Hospital. That’s just too awesome for words.
On to the newsletter…
Stuff to Read
Discover the power of UEBA anomalies in Microsoft Sentinel - Microsoft Tech Community
Anomalies detected by the Microsoft Sentinel machine learning engine | Microsoft Docs
Reading About Updated Microsoft Sentinel Content in a Microsoft Teams SOC Channel - Azure Cloud & AI Domain Blog
Microsoft and Azure 3rd party SIEM pipeline
Delegate access using Azure Lighthouse for a Sentinel POC – My Faber Security
Am I being attacked?!
Reusing Microsoft Sentinel Watchlists Across Tenants - Azure Cloud & AI Domain Blog
Creating a Rule in Microsoft Sentinel to Detect a Zuorat Malware Infection
What can Microsoft Sentinel do for you and your company's security? - Dynamic People
Stuff to Watch/Listen To
Microsoft Sentinel-Key Benefits and Pricing
Microsoft Sentinel Fusion: New Detection Capabilities & Features Explained
Microsoft Security Insights
Stuff to Attend
Upcoming Microsoft Security webinars
Sign-up to be notified in email:
Community Discussion Stuff
Searching IP CIDR Watchlist for an IP Address
Stuff That's New or Updated
Adding TI in Bulk to Microsoft Sentinel in Public Preview - Azure Cloud & AI Domain Blog
Stuff That's Related
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits - Microsoft Security Blog
Just what the heck is a “Buffer Overflow” anyway?! – Socialized Geek
Stream Microsoft Defender for IoT alerts to a 3rd party SIEM
Stuff from Partners
EY teams with Microsoft to launch two New Zealand cyber centres - Reseller News
Stuff in the News
Tiberium's cloud-native solutions deliver always-on business protection
Stuff to Have
Microsoft Sentinel SIGMA Rules Workbook
Azure Red Team Attack and Detect Workshop
Sentinel-Queries/Query Pack at main · reprise99/Sentinel-Queries · GitHub
SentinelKQL/WatchlistsCosts.txt at master · rod-trent/SentinelKQL · GitHub
Sentinel-Prod/NSGPortRuleViolation.json at main · edtechjeff/Sentinel-Prod · GitHub
KQL_Intune/Audit-ShowClientCertificates.kql at main · ugurkocde/KQL_Intune · GitHub
KQL_Intune/Audit-ShowDeletedDevices.kql at main · ugurkocde/KQL_Intune · GitHub
KQL_Intune/Audit-ShowFeatureUpdatePolicies.kql at main · ugurkocde/KQL_Intune · GitHub
Sentinel-Prod/NSGPortAddedNotAllowd-Watchlist.json at main · edtechjeff/Sentinel-Prod · GitHub
KQL_Intune/Audit-ShowLocatedDevices.kql at main · ugurkocde/KQL_Intune · GitHub
KQL_Intune/Audit-ShowEnableLostModeDevices.kql at main · ugurkocde/KQL_Intune · GitHub
KQL_Intune/Audit-ShowFeatureUpdatePolicies.kql at main · ugurkocde/KQL_Intune · GitHub
Heartbeat of Azure VM's that are onboarded to MDE
Did you enjoy this issue?
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue