Microsoft Sentinel this Week - Issue #79

By Rod Trent • Issue #79 • View online
Hi everyone. It’s me again. Andrea with two “As” and an “N” but not where you thiiiiink. (Shout out to all you She-Hulk fans - Wongers and Madisynn 4-ever).
Anyway, hope everyone is doing well. I assume you are all deep into college football and/or awaiting the arrival of pumpkin spice lattes. Even though it’s still 90+ degrees in Florida, every store I visit is filled with Halloween costumes and Thanksgiving decorations. I’m as excited for candy bars and turkey as the next person but can we at least wait until September 1 for the holiday push to begin! At least they haven’t started playing “Here Comes Santa Claus” yet.
Rod will be back next week, I promise. Thanks again for letting me crash the party.
Here’s a new way to learn KQL … join the Kusto Detective Agency! This is brilliant. It delivers a game-based approach to digging into the cloud’s query language.
Here’s how this works:
  • There are a total of five cases to solve.
  • Cases are released every two weeks, on Sundays.
  • There are a limited number of prizes for those who solve a case first, but a digital badge is given to every player who correctly solves a case.
  • All previous cases remain active for play even after new cases are published.
And, of course, keep working on your Must Learn KQL progress to get your certificate:

Stuff to Read
Stream and filter Windows DNS logs with the AMA connector | Microsoft Docs
Choosing an Appropriate Retention Period for Microsoft Sentinel Workspaces
Introduction to Machine Learning Notebooks in Microsoft Sentinel
Stuff to Watch/Listen To
Kusto Query Language (KQL) Overview
Stuff to Attend
Microsoft Ignite - Join us on October 12-14
Stuff That's New or Updated
New Blog Post | Microsoft Sentinel customizable machine learning based anomalies Generally Available - Microsoft Tech Community
Create and delete incidents in Microsoft Sentinel - Microsoft Tech Community
Stuff That's Related
Enable File Integrity Monitoring (Azure Monitor Agent) | Microsoft Docs
Improving your security baseline with KQL – Microsoft Sentinel 101
Implementing a Zero Trust strategy after compromise recovery - Microsoft Security Blog
Attackers Can Compromise Most Cloud Data in Just 3 Steps
Stuff in Techcommunity
Linking a workbook to an incident/analytics rule - Microsoft Tech Community
Stuff from Partners
Tanium Unveils Groundbreaking Integration with Microsoft Sentinel | Tanium
Microsoft Sentinel Integration - Go Tanium Tech Talks #47
Microsoft CVP Ann Johnson and Tanium CEO Orion Hindawi on the companies' transformative partnership
CSP Lighthouse -
Stuff in the News
Watering Hole Attacks Push ScanBox Keylogger | Threatpost
Stuff to Have
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.