New Blog Post | Microsoft Sentinel this Week - Issue #62

Microsoft Sentinel this Week - Issue #62 | Revue (getrevue.co)

 

Happy Friday all!
 
Welcome to the 62nd issue of our fine Microsoft Sentinel newsletter. There’s lots of great content this week (as usual some would say) and only a couple additional things to highlight.
First off, of all places, I’m driving to Ft. Wayne, Indiana on Saturday. I’ll be driving 3 hours to make my session time for BSides Security Ft. Wayne. This is an annual security conference held at Sweetwater Sound. If you’re not familiar, Sweetwater is one of the largest music equipment distributors in the US. I’ve never been there before, but my youngest son (the drummer in the band, Urbania) loves the place and visits a couple times a year.
So, I’m really looking forward to talking about SOC Efficiency with this group. Wish me luck!
And if you happen to be attending this thing, let me know.
Due to the 3-hour drive each way, I probably won’t be hanging around for too long after I deliver my session.
And even if you can’t join in-person, you can join virtually:
Live Chat: https://lnkd.in/gmUUxwMg
Live Stream: https://lnkd.in/g9M5rbfi
We have a YAMS (Yet Another Microsoft Survey) this week. Help us help you!
Feedback for Microsoft Sentinel Tutorials
The Microsoft Sentinel engineering team is looking to improve and increase the list of Microsoft Sentinel tutorials that you can find at https://docs.microsoft.com/azure/sentinel/, under the section Tutorials (see picture in the first question). The tutorials are created to help customers who are either at the initial steps of their Microsoft Sentinel deployments, or expanding them, and who are looking for guidance on securing their most important scenarios. 
Respond here: https://cda.ms/4jM
Before leaving you to the newsletter content, I have one more big note.
The Must Learn KQL learning series is an unequivocal success but more needs to be done. I outline in a recent post the number of completion certificates I’ve handed out already and while that number is wonderful, more people need to get the message how important learning KQL really is.
So, the Must Learn KQL book is now available on Amazon!
Kindle version: https://amzn.to/3MyMOOS
Paperback: https://amzn.to/3sN8ajE
Hardcover: https://amzn.to/3yOAFRS
This gives it a much wider audience and like everything that’s part of this learning series, any and all profit goes directly to St. Jude Children’s Research Hospital.
I owned and sold an eBook publishing company (NetImpress) way back in 2004-2005 before even Amazon had concocted its own eBook production methods. It was revolutionary at the time and most of what our company did had to be invented. And, while many of the same things I learned through NetImpress are still valid and useful today, there are many aspects that have changed or just didn’t exist. Developing and delivering the Must Learn KQL series has been a pioneering experience on all the nuances of producing a learning series in this manner and I suspect others will take notice and begin duplicating my efforts.
There are some other things to tweak, but I do know that I’ll be doing it again with another series in the very near future. Stay tuned.
That’s it for now. Have a wonderful weekend and week ahead.
 
Talk soon.

-Rod

 

Original Post: New Blog Post | Microsoft Sentinel this Week - Issue #62 - Microsoft Tech Community
