
Microsoft Sentinel this Week - Issue #85

By Rod Trent • Issue #85
Happy Friday everyone!
I don’t know about you, but I love this time of year. Where I am, in Ohio, the leaves are vibrant colors this year and the trees are getting pretty bare. I love all the things about the cold, the holiday events, everything. It’s just a good time of year.
I spent an evening in Cleveland, Ohio on Tuesday. Many of you are aware of the recent announcement about a Tanium/Microsoft partnership. In its early stages, this partnership has exhibited itself in a Tanium Solution (in the Content hub) for Microsoft Sentinel, enabling Sentinel to take advantage of the diverse and valuable signals the Tanium agent collects.
I sat around a dinner table in the basement at the Marble Room in Cleveland with several key CISOs and CTOs of the local area discussing the partnership in a round table event. The four-hour event produced some excellent conversation and those in attendance agree that this partnership has a lot of potential.
A few of the things that really stuck out to me were these:
  1. Organizations see Microsoft as a security leader
  2. Organizations would love better integration with partner offerings, i.e., allow a snap-in framework so partner offerings fit in existing consoles
  3. Many organizations have adopted a Microsoft-first strategy
  4. Defender and Sentinel lead interests at all of these organizations
  5. Organizations are struggling with unifying teams and tools
  6. Organizations are being tasked with doing more with what they already have
There are many other aspects of this partnership that will be made known in the coming months including some big benefits for Defender and other Microsoft products.
For those interested, we’re planning the next one of these in Milwaukee in December.
Stay tuned.
Talk soon.
-Rod

Stuff to Read
Favorite security-focused open-source workbooks for Azure Monitor and Microsoft Sentinel
Things to Do After October 24 When Microsoft 365 Defender for Microsoft Sentinel Integrates AADIP Alerts and Incidents - Azure Cloud & AI Domain Blog
How Microsoft helps SLTT governments apply for cybersecurity grants - Microsoft Security Blog
Scenarios detected by the Microsoft Sentinel Fusion engine | Microsoft Learn
Stuff to Attend
Stuff to Watch/Listen To
Listen to Episode 1 – What's new in Cloud Security from Microsoft Ignite 2022 by Atos in Head Securely in the Clouds playlist online for free on SoundCloud
Microsoft Sentinel & Machine Learning: Make your life easier!
Getting started with sample gallery
Microsoft Security Insights Episode 125
Stuff That's New or Updated
Upcoming changes to the CommonSecurityLog table - Microsoft Community Hub
Stuff That's Related
Estimating Azure Diagnostics Cost - Microsoft Community Hub
Identity Protection alerts are coming to Microsoft 365 Defender - Microsoft Community Hub
parse-kv operator - Azure Data Explorer | Microsoft Learn
Kusto Detective Agency - Hints // Thoor.tech
Stuff from Partners
Equitable Bank thwarts red team with comprehensive Microsoft Security solutions
Stuff in Techcommunity
Microsoft 365 Defender - Microsoft Community Hub
Sentinel Data - where to after 90 days? - Microsoft Community Hub
Stuff to Have
Release Fixes for MS Sentinel API and configuration · microsoft/msticpy · GitHub
Sentinel-Queries/Identity-AuthenticationStrengthsParser at main · reprise99/Sentinel-Queries · GitHub
SentinelKQL/ReportNoData.txt at master · rod-trent/SentinelKQL · GitHub
Snippets/sentinel-sfdc-private-link.json at main · jonathanbourke/Snippets · GitHub
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.
