Happy Friday everyone!
And welcome to all the new members this week! I’m not sure what’s been happening, but it’s been great to see the newsletter subscriber count skyrocket in the last couple months. And, in addition to the inbox subscribers, there’s been plenty of additional readership in all the places this newsletter is also available to read.
So, welcome! And thanks to all those that have been true believers throughout our journey.
As I noted last week, this will be my last newsletter for a couple of weeks as I take my entire family on a beach vacation. But you're in great hands, as Andrea Fisher will be carrying on in my stead.
Big news this past week! The official GitHub repo surpassed 20,000 commits. That's a huge accomplishment, and it shows not only that Microsoft Sentinel outpaces the competition in the pace of improvements, but also that this is a true community-driven effort. Many of those 20,000 commits come from Microsoft Sentinel customers.
I don't talk enough about the Microsoft Techcommunity. And I probably should, considering it came in second in the recent survey about where folks tend to gravitate for Microsoft Sentinel community and support. The Microsoft Techcommunity was surpassed only by the LinkedIn community group.
I plan on putting together some guidance on how to get the most out of the Techcommunity soon, but in the interim, here's a memorable link to go directly to the Techcommunity forum for Microsoft Sentinel:
I plan on spending more time here (once back from vacation) answering questions and highlighting the awesome answers from others. This week I’m adding a new section to the newsletter called “Stuff in Techcommunity” where each week I’ll highlight a thread from the forums.
Incidentally, there's currently no dedicated KQL forum at Techcommunity, but you can either post your KQL questions there or use the following instead:
We have a YAMS (yet another Microsoft survey) this week. If this interests you, please take a couple of minutes to share your thoughts.
Sentinel Notebooks Automation Survey
The Microsoft Sentinel engineering team would like to understand the use cases and requirements you have for notebook automation. By "notebook automation," we mean these two scenarios:
- Notebooks that run on a schedule to generate a custom incident (detection) or hunting output
- Automated investigation or triage of incidents or entities through automated notebook execution
And, with that:
- I’ll leave you to the rest of the contents of this week’s newsletter.
- I’ll leave you in the awesome hands of Andrea, and…
- I’ll leave you. (I’ll be back from vacation on September 19th).
P.S. You'll probably still find me puttering around on Twitter. Just don't expect me to be as quick with my responses as usual.