Microsoft Sentinel this Week - Issue #87

By Rod Trent • Issue #87
Happy Friday all!
I’m just a couple days away from my next big trip, so this past week has been all about session prep and getting the travel ducks all in a row. And that actually means making sure all my charging cables are packed and I have some movies and books downloaded to watch and read on the plane ride.
I’ll be in Orlando, Florida all next week for TechMentor/Live!360. Thankfully, my trip will be just after the most recent tropical storm subsides. The weather forecast for next week looks phenomenal.
If you remember from earlier this year, I was at the TechMentor event in Redmond on the Microsoft campus. This is an extension of that event. If you’re reading this and you happen to also be there next week, come find me. It would be great to shake hands. Also, if you happen to have a physical copy of the Must Learn KQL book, bring it along. I’ll be happy to sign it. And, if you don’t have a copy and want one, I’ll have a stack of signed books to give away during my sessions.
This week, we’d love if you could participate in the following survey to help us continue to build a better product.
Microsoft 365 Defender - Sentinel Investigation
This survey is focused on investigation experiences using Microsoft Sentinel and Microsoft 365 Defender.
You will have an opportunity to show your interest in meeting with our research team for deeper conversations.
You might remember Andrea Fisher’s name. During my family beach vacation a couple months ago, Andrea took over the newsletter and did a fantastic job. This time she’s back to drive even more value by highlighting a really excellent solution.
If you missed it this week, we had an awesome Microsoft Security Insights show in which Andrea (and Mike Palitto) talked about a little-known add-on solution for Microsoft Sentinel.
This solution definitely deserves so much more attention. If you want to build an even more efficient SOC or have Sentinel do more of the heavy lifting for small security teams, check this out:
Speaking of Must Learn KQL, the seasonal holiday editions of everything in the merch store are now available. And there’s new stuff, too. Here’s what’s available:
[1] The ever-popular holiday coffee cup is back for the season!
[2] There’s a seasonal KQL song! Yes, a song. And it’s brandished on three different styles of long sleeve t-shirt:
[3] And, then there’s my new absolute favorite (I’ll be wearing this at TechMentor next week!), the KQL'Ling t-shirt:
As always, all profit from the Must Learn KQL merch sales goes directly to St. Jude Children’s Research Hospital. So, you can feel good about getting yourself something (and your geeky loved ones) and helping others at the same time.
That’s it from me for this week.
Talk soon.

Stuff to Read
Secure Logs with Azure Monitor & Microsoft Sentinel | by Tom Hind | Nov, 2022 | Medium
Capturing AAD Password Protection Summaries and Monitoring with Sentinel
Integrating Authomize ITDR with Microsoft Sentinel SIEM
Microsoft Sentinel DNS over AMA connector reference - available fields and normalization schema | Microsoft Learn
Optimize your Microsoft Sentinel pricing | by Koos Goossens | Medium
Roles and permissions in Microsoft Sentinel | Microsoft Learn
Stuff to Watch/Listen To
Microsoft Security Insights Show Episode 127
Listen to Episode 1 – What's new in Cloud Security from Microsoft Ignite 2022 by Atos in Head Securely in the Clouds playlist online for free on SoundCloud
20. MustLearnKQL - Create an Analytic Rule
Stuff to Attend
Stuff That's New or Updated
Update to Microsoft Sentinel’s Technical Playbook for MSSPs is now available (v1.5.1)
Publish new Logstash plugin microsoft-sentinel-logstash-output-plugin… · Azure/Azure-Sentinel@c33f221 · GitHub
Stuff That's Related
Azure Monitor service limits - Azure Monitor | Microsoft Learn
New Experience in Query to Power BI from Kusto Explorer/ Kusto web explorer - Microsoft Community Hub
How to identify queries send to Kusto from a specific Power BI report - Microsoft Community Hub
Stuff in Techcommunity
Retrieve List of Users with Access to Sentinel? - Microsoft Community Hub
OpenSSL version - Microsoft Community Hub
No Analytics Rule for Dark Trace?? - Microsoft Community Hub
Stuff to Have
GitHub - briandelmsft/SentinelAutomationModules: The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel
MicrosoftSentinelStuff/Playbooks/Watchlist-Backup at main · h0ffayyy/MicrosoftSentinelStuff · GitHub
Snippets/salesforce-api-alert.kql at main · jonathanbourke/Snippets · GitHub
Rod Trent

The Microsoft Sentinel weekly newsletter helps uncover the new and important features and news for Microsoft's cloud-based SIEM+SOAR security tool.
