Microsoft Sentinel this Week - Issue #77

By Rod Trent • Issue #77
Happy Friday everyone!
And welcome to all the new members this week! I’m not sure what’s been happening, but it’s been great to see the newsletter subscriber count skyrocket in the last couple months. And, in addition to the inbox subscribers, there’s been plenty of additional readership in all the places this newsletter is also available to read.
So, welcome! And thanks to all those that have been true believers throughout our journey.
As I noted last week, this will be my last newsletter for a couple of weeks as I take my entire family on a beach vacation. But you’re in great hands, as Andrea Fisher will be carrying on in my stead.
Big news this past week! The official GitHub repo surpassed 20,000 commits. That’s a huge accomplishment and really shows how Microsoft Sentinel not only outpaces the competition in improvements, but it also is evidence of a true community-driven effort. Many of those 20,000 commits come from Microsoft Sentinel customers.
I don’t talk enough about our Microsoft Techcommunity. And, you know I probably should considering it came in second in the recent survey about where folks tend to gravitate for Microsoft Sentinel community and support. The Microsoft Techcommunity was surpassed only by the LinkedIn community group.
I plan on putting together some guidance around how to get the most out of the Techcommunity soon, but in the interim, here’s a memorable link to go directly to the Techcommunity forum for Microsoft Sentinel:
I plan on spending more time here (once back from vacation) answering questions and highlighting the awesome answers from others. This week I’m adding a new section to the newsletter called “Stuff in Techcommunity” where each week I’ll highlight a thread from the forums.
Incidentally, there’s currently no direct KQL forum at Techcommunity. But you can either post your KQL questions there, or use the following instead:
We have a YAMS (yet another Microsoft survey) this week. If this is something that interests you, please take a couple minutes to supply your thoughts.
Sentinel Notebooks Automation Survey
The Microsoft Sentinel engineering team would like to understand the use cases and requirements for which you wish to use notebook automation. By “notebook automation,” we refer to these two different scenarios:
  1. Notebooks that run on a schedule to generate a custom incident (detection) or hunting output
  2. Automated investigation or triage on incidents or entities using a notebook automated execution
And, with that:
  1. I’ll leave you to the rest of the contents of this week’s newsletter.
  2. I’ll leave you in the awesome hands of Andrea, and…
  3. I’ll leave you. (I’ll be back from vacation on September 19th).
Talk soon.
-Rod
P.S. You’ll probably still find me puttering around on Twitter and LinkedIn. Just don’t expect me to be as quick with my responses as normal.

Stuff to Read
Microsoft Sentinel Solutions in Preview- September 2022 Cycle - Microsoft Tech Community
Azure Lighthouse and Sentinel: Assigning access to managed identities in the customer tenant – My Faber Security
Tutorial: Configure security analytics for Azure Active Directory B2C data with Microsoft Sentinel
Get OCI IP Ranges to Sentinel
Troubleshoot Amazon Web Services S3 connector issues - Microsoft Tech Community
How to: Automate On-Premises AD Users to Microsoft Sentinel Watchlist - Azure Cloud & AI Domain Blog
SOC Monitor wall – Planning the Setup (Part 1) - Workplace Ninja's
Activating a Microsoft Sentinel’s Solution’s analytic rules – Yet Another Security Blog
Hybrid security monitoring with Microsoft Sentinel - Azure Architecture Center | Microsoft Docs
Enabling AD FS Security Auditing 📡 and Shipping Event Logs to Microsoft Sentinel 🛡️ - Microsoft Tech Community
Stuff to Watch/Listen To
Advancing Investigations with Threat Intelligence
Blue Security Podcast - 2022-08-28 - Beyond Microsoft 365 E5
Stuff to Attend
Stop Ransomware with Microsoft Security 2022
Stuff That's New or Updated
Microsoft 365 Defender now includes the integration of Azure Active Directory Identity Protection (AADIP) alerts and incidents
Stuff That's Related
Upgrading Servers from Microsoft Monitoring Agent to Unified Agent. – Microsoft Defender Gurus
Migrate to Azure Monitor Agent for better security, reliability and ease of management - Microsoft Tech Community
New productivity features in Kusto Explorer - Microsoft Tech Community
Stuff in Techcommunity
Microsoft Sentinel Potentially malicious events - Flagging as Safe/Informational? - Microsoft Tech Community
Stuff from Partners
Now Available: Mandiant Advantage Threat Intelligence Connector for Microsoft Sentinel | Mandiant
Kaspersky, Microsoft partner to bring threat intel to Sentinel users | ITWeb
Try before you buy: Road-testing Microsoft Sentinel for a local housing association
Stuff to Have
SentinelKQL/RetentionPerTable.txt at master · rod-trent/SentinelKQL · GitHub
SentinelKQL/DataRetentionChanges.txt at master · rod-trent/SentinelKQL · GitHub
Report on Azure Sentinel rules
Use PowerShell with Azure Sentinel – CIAOPS
GitHub - Pavel-Hrabec/Sentinel-Automation
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.