Microsoft Sentinel this Week - Issue #60 | Revue (getrevue.co)
Happy Friday all!
I’m out and about this week at an in-person conference at the Mall of America in Bloomington, MN. It’s been a fantastic week talking about Defender for Cloud and Microsoft Sentinel to a group of folks that aren’t normally focused on security. There’s real interest in how Microsoft security offerings can bolster a career and can be integrated with current workloads without overwhelming.
I’ll have more to share about this week’s experiences in next week’s newsletter.
We have a couple new surveys this week that I know is of interest to a large number of people.
For the first one
, I published a Playbook template for sending a daily email of Sentinel Incidents
recently that a lot of you found useful. We’re trying to simplify this capability because it is so popular and valuable.
From the product team:
Today, emails can be sent automatically when incidents and alerts are created using playbooks. There are playbook templates ready-to-use, which leverage the Outlook Logic Apps connector.
Using playbooks for sending emails has great benefits: It allows full customization of the email message and advanced capabilities such as approvals. On the other hand, we hear customer challenges using this method.
We are looking to allow customers to easily send emails by Automation Rules. We are seeking to learn about real-life email-scenarios to make sure we design the feature to fit your needs.
We appreciate your feedback on our form. We are committed to reviewing every data point in detail and we will get back to you if we have questions. Please note that in some cases, platform limitations prevent us from developing an integration. Also, we may have limited resources, so not every request will be prioritized.
The second one is focused on Microsoft Sentinel Fusion.
Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Microsoft Sentinel generates incidents that would otherwise be difficult to catch. These incidents comprise two or more alerts or activities. By design, these incidents are low-volume, high-fidelity, and high-severity.
As we continue to expand the Fusion coverage to help you detect emerging and advanced attacks, and improve the experiences to help you speed up the investigation, we’d like to learn more from you. In this survey, we’d like to get your perspectives on:
- Fusion detection
- Customization/configuration options for Fusion
Lastly, I had awesome discussions with customers this week. Delivering Microsoft Sentinel sessions to a group of folks who have zero knowledge of the product was absolutely rewarding. I could see lightbulbs go off as I was describing the features and value. One individual - experienced with “other” SIEMs who is now sold on Sentinel - invented a new tagline which has now been turned into a T-shirt.
All proceeds go to St. Jude.
That’s it for me for this week. It’s time to pack up and head home.