Microsoft Sentinel this Week - Issue #86

By Rod Trent • Issue #86
Happy Friday all!
I just want to take a quick moment to thank you all for tuning in and continuing to tune in. This newsletter - and this community - continues to grow by leaps and bounds.
I regularly receive feedback about how this newsletter is the one thing people read throughout each week.
Your community patronage is amazing and always appreciated. Remember, if you see something you like in the newsletter content, don’t keep it to yourself. Share it with someone who needs it. That’s how we continue to grow.
Are you interested in helping improve Basic Logs for Microsoft Sentinel?
If you are ingesting large amounts of temporary data to Microsoft Sentinel but NOT using Basic Logs for one reason or another, this study is for you.
Sign up here if you’d like to participate: https://rodtrent.com/ei1
The Must Learn KQL Christmas edition has been relaunched for the holidays!
Know someone (or yourself) who lives (and loves) KQL? This could be better than a Christmas Hallmark movie.
Head over to the Must Learn KQL merch link and fill someone’s Christmas stocking with geekness:
**All proceeds go to St. Jude.
Even with the purposeful effort to consolidate security portals, I think you’ll agree with me that Microsoft still has portal glut. I found the Microsoft Cloud command line this past week and thought I’d share it with all of you. If you’ve not seen this already, you’ll thank me for the link: https://cmd.ms/
That’s it from me for this week. Have a wonderful weekend and week ahead!
Talk soon.
-Rod

Stuff to Read
Everything you need to get started with Architecting and Design Microsoft Sentinel (2022) | by Andre Camillo | Microsoft Azure | Nov, 2022 | Medium
Which data connector and activity is free in Microsoft Sentinel?
How to Use Microsoft 365 Defender and Sentinel to Defend Against Zero Day Threats: Part I
DevSecOps on Azure - part10: Detect and respond to security events in Azure with Microsoft Sentinel - TechMindFactory.com
Update Multiple Analytics in Sentinel At Once
Analyze usage and cost in Log Analytics - Microsoft Sentinel
Capturing AAD Password Protection Summaries and Monitoring with Sentinel
Stuff to Watch/Listen To
Using Content Hub to manage your SIEM content | Microsoft Sentinel in the Field #10
Microsoft Security Insights Show, Episode 126
Ep.S4E1 - Ann Johnson - Corporate Vice President - Security, Compliance, & Identity at Microsoft - CISO's Secrets
Stuff to Attend
Changing the Game with KQL
When Threats Occur Beyond MDR Security Workflows | BlueVoyant
Stuff That's Related
A New Foundation For Logic Apps Designer
KQL’s mv-apply command – Yet Another Security Blog
Stuff in Techcommunity
How to Prevent Duplicate Incidents from Being Generated due to Long Data Look Back - Microsoft Community Hub
How to combine query with same table. - Microsoft Community Hub
Stuff from Partners
Orange Cyberdefense: Managed Threat Detection for Microsoft Sentinel
Guide: The Ultimate Guide To Maximizing Microsoft Security ROI - Difenda
Stuff in the News
Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Security Information and Event - Microsoft Community Hub
Stuff to Have
Flow Log Analytics Workbook
GitHub - reprise99/kql-for-dfir: A guide to using Azure Data Explorer and KQL for DFIR
Hunting-Queries-Detection-Rules/DFIR at main · Bert-JanP/Hunting-Queries-Detection-Rules · GitHub
MICROSOFT SENTINEL MITRE ATT&CK CAMPAIGNS WORKBOOK
GitHub - Accelerynt-Security/AS-Import-AD-Group-Users-to-MS-Watchlist: This playbook is intended to be run on a schedule. It will add the users from a specified Azure Active Directory group to a Microsoft Sentinel watchlist.
Sentinel-Queries/Device-DetectInboundPublicRDP.kql at main · reprise99/Sentinel-Queries · GitHub
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.