surveys
16 Topics

New Blog Post | Microsoft Sentinel this Week – Issue #75
https://rodtrent.com/g1n

We have one YAMS (yet another Microsoft survey) this week to give you some small way in contributing to the success of Microsoft Sentinel.

Utilizing Network Data for Security Needs in Microsoft Sentinel

The Microsoft Sentinel engineering team is exploring ways of expanding security coverage to customers by analyzing network flows, metadata, and patterns that can be collected from various network elements and service elements in estate. We ask for your help in understanding your security needs, practices, network infrastructure and current network telemetry collection methods to help us in this effort. To do so, simply complete this survey.

Link to survey: https://rodtrent.com/ug5?utm_campaign=Microsoft%20Sentinel%20this%20Week&utm_medium=email&utm_source=Revue%20newsletter

…

In less than a year, the https://www.linkedin.com/groups/8768381/?utm_campaign=Microsoft%20Sentinel%20this%20Week&utm_medium=email&utm_source=Revue%20newsletter has grown to over 6,000 members. That in itself is pretty phenomenal. But the bigger number is the level of engagement. According to LinkedIn stats the level of engagement equals the following on monthly averages:

339,000 post views
165 comments
3,800 reactions

We recently posted a survey to get a feel for where folks are most comfortable participating in community for Microsoft Sentinel and not surprisingly LinkedIn led the way. But some of the other areas may surprise some. Take a look at the survey results: https://rodtrent.com/bi8?utm_campaign=Microsoft%20Sentinel%20this%20Week&utm_medium=email&utm_source=Revue%20newsletter

We want your input: Azure Sentinel cost efficiencies survey
Survey Description

The Azure Marketing team would like to hear from the Azure Sentinel community on the potential cost efficiencies Azure Sentinel has or can bring to organizations, so we can continue to develop a best in class value proposition for Azure Sentinel. Your feedback will solely be used for improving our product marketing efforts and ensuring the Azure Sentinel community is deriving the most value from the offering.

Survey Requirements and Guidelines

This survey should take approximately 5-6 minutes.
There are no right or wrong answers to these questions.
This is a publicly available survey, addressed to all our Azure Sentinel customers and partners. Please feel free to forward this survey link to any colleagues you think would be interested.

Survey Access

New Blog Post | Microsoft Sentinel this Week - Issue #58
Microsoft Sentinel this Week - Issue #58 | Revue (getrevue.co)

Happy Friday everyone! Thanks to everyone that’s been here for a while and welcome to all the new subscribers this week. Before getting into the content of the newsletter, there’s a few things to highlight…

…

First off, we have a couple YAMS (yet another Microsoft survey). It’s getting near the end of the fiscal year at Microsoft, so expect a few more of these to filter through in the coming weeks as planning for product features and enhancements commences. Not that Sentinel isn’t already in a continual update cycle, just that there’s some decision points that need to be made and we need your help to decide where to focus.

The first one is focused on the Out-of-the-box Content that Microsoft Sentinel provides. Microsoft Sentinel provides more than 100+ Solutions, 190+ data connectors and thousands of individual contents (workbooks, playbooks, watchlist, hunting queries, analytics rules etc.) available out of the box. Your feedback will help us better understand the content that is most useful to you and will help your experience with the product.

Survey link: https://cda.ms/49p

The second one, is about the URL detonation feature. Security operations center (SOC) analysts constantly face the challenge of determining where to focus. URL detonation in Microsoft Sentinel provides insights that can enable SOC analysts to triage alerts faster. For example, logs ingested by Microsoft Sentinel can contain URLs. For alerts that include a URL (e.g., a URL visited by a user from within the corporate network), that URL can be automatically detonated to gain added insight that can help accelerate the triage process. We are looking to better understand how you utilize the URL detonation feature for your investigation efforts and how we can improve the capability.

Survey link: https://cda.ms/49q

…

Well, we made it.
Myself and my colleagues kicked off the inaugural episode of the Microsoft Security Insights show on Microsoft Reactor Wednesday evening. The show was a good one. Some of you showed up for the live event and provided commentary and questions. I hope you enjoyed listening and watching. For those that missed it, the replay is available now. With Matt Soseman as our guest, the conversation turned to the obvious topics of Zero Trust and Identity security. Each time I talk to Matt, I feel like I’m smarter afterward. And I know you’ll feel that way, too.

Catch the latest episode here: https://cda.ms/49r

And you can prepare now for our next Microsoft Reactor episode on May 25th when our good friend and Microsoft Sentinel PM, Jing Nghik will be on. You can jump out and set a reminder to tune in here: https://cda.ms/49s

…

I have a few other things I wanted to chat about this week, but I’ll save that for next issue as I’m fighting through a head cold as I write this.

Have a great week, everyone!

Talk soon…

-Rod

Original Post: New Blog Post | Microsoft Sentinel this Week - Issue #58 - Microsoft Tech Community

New Blog Post | Microsoft Sentinel this Week – Issue #71
https://rodtrent.com/l9o

First off, for planning purposes it would be great to get a feeling of your usage of ADX for Sentinel storage.

Planning Feedback: Understanding ADX Usage

If you have data stored in Azure Data Explorer (ADX), we would like to understand your use cases and feedback when it comes to querying data from ADX. This helps us understand your ADX usage and plan the future ADX capabilities with Microsoft Sentinel.

Survey link: https://rodtrent.com/awo?utm_campaign=Microsoft%20Sentinel%20this%20Week&utm_medium=email&utm_source=Revue%20newsletter

Secondly - and I know this is a big one for a lot of organizations - we’d love to get your feedback on the RBAC req’s for Microsoft Sentinel.

Microsoft Sentinel RBAC Requirements

We are looking to learn more about your experience with the existing Role-Based Access Control (RBAC) capabilities and explore opportunities for improvement. Please share any of your requirements for role or attribute-based access control (R/ABAC) for configuring your Sentinel workspaces, or accessing any of the content (Analytics, Watchlists, Automation Rules, etc.) within it.

Survey link: https://rodtrent.com/3lf?utm_campaign=Microsoft%20Sentinel%20this%20Week&utm_medium=email&utm_source=Revue%20newsletter

And, lastly (yes, there’s one more!) …

Survey on Resiliency and BCDR Options for Microsoft Sentinel

SIEMs are deemed to be mission critical systems that are essential in ensuring that the SOC remains operational in the event of any disruption. While the cloud provides inherent resiliency benefits, and the Microsoft Sentinel service is designed with internal resiliency and failover mechanisms, some Enterprises have expressed a desire to have additional Business Continuity and Disaster Recovery (BCDR) capabilities to increase resiliency.
Given that Enterprises have varying BCDR objectives and have to strike a balance between (residual) risk, deployment complexity and cost - we would like to gather your feedback on what BCDR means to you, what is lacking, and how we can do better.

Survey link: https://rodtrent.com/04u?utm_campaign=Microsoft%20Sentinel%20this%20Week&utm_medium=email&utm_source=Revue%20newsletter

New Blog Post | Microsoft Sentinel this Week – Issue #73
https://rodtrent.com/1s1

TechMentor is geared toward the IT Professional and will be held at the on-campus Microsoft conference center. Rod Trent will be bringing his own flavor of technical entertainment in a couple sessions:

https://techmentorevents.com/Events/Redmond-2022/Sessions/Tuesday/TT05-A-Day-in-the-Life-of-an-Microsoft-Sentinel-Analyst.aspx?utm_campaign=Microsoft%20Sentinel%20this%20Week&utm_medium=email&utm_source=Revue%20newsletter
https://techmentorevents.com/Events/Redmond-2022/Sessions/Wednesday/TW01-Using-Microsoft-Teams-as-Your-SOC-War-Room.aspx?utm_campaign=Microsoft%20Sentinel%20this%20Week&utm_medium=email&utm_source=Revue%20newsletter

We’re looking for guidance on the future of automated capability for the Defender for IoT and Sentinel integration.

Microsoft Defender for IoT Sentinel IT/OT Unified SOC Survey

Defender for IoT’s built-in integration with Sentinel aims to bridge the IT and OT security gap so that SOC teams are able to resolve OT incidents more efficiently. We would like to learn what capabilities and data can help SOCs manage and resolve OT incidents and in particular, what automated responses playbooks templates might be helpful for your organization.

Link to survey: https://rodtrent.com/lma?utm_campaign=Microsoft%20Sentinel%20this%20Week&utm_medium=email&utm_source=Revue%20newsletter

New Survey | URL Detonation | Microsoft Sentinel
aka.ms/urldetonationsurvey

URL Detonation | Microsoft Sentinel

How do you use URL Detonation for your investigation efforts?

Security operations center (SOC) analysts constantly face the challenge of determining where to focus. URL detonation in Microsoft Sentinel provides insights that can enable SOC analysts to triage alerts faster. For example, logs ingested by Microsoft Sentinel can contain URLs. For alerts that include a URL (e.g., a URL visited by a user from within the corporate network), that URL can be automatically detonated to gain added insight that can help accelerate the triage process.

We are looking to better understand how you utilize the URL detonation feature for your investigation efforts and how we can improve the capability. Could you please help us by filling this short 5-Minute survey?

aka.ms/urldetonationsurvey

Original Post: New Survey | URL Detonation | Microsoft Sentinel - Microsoft Tech Community

Important Roadmap Survey - Data Collection
Do you want to have a direct impact on our roadmap by sharing your priorities? We are starting our planning process and would love to have your input!

The purpose of this survey is to collect as much feedback as possible from our most engaged users, in order to help us shape our data collection and normalization backlog, and ensure our backlog is prioritized and aligned by top customer needs.

The survey will take approximately 10 minutes to complete.

Thank you for participating, your feedback will be extremely helpful.

Azure Sentinel Data Collection PM team.

Survey Link: https://aka.ms/SentinelDataCollectionSurvey2020

New Survey | Microsoft Sentinel Out of the Box Content Survey
Microsoft Sentinel Out of the Box Content Survey

Help us understand the content that is most useful to you!

Microsoft Sentinel provides more than 100+ Solutions (refer to https://docs.microsoft.com/en-us/azure/sentinel/sentinel-solutions-catalog), 190+ data connectors and thousands of individual contents (workbooks, playbooks, watchlist, hunting queries, analytics rules etc.) available out of the box. Your feedback will help us better understand the content that is most useful to you and will help your experience with the product. This information will be used to prioritize our roadmap appropriately. We are committed to reviewing every data point in detail and we will get back to you if we have questions.

https://aka.ms/SentinelContentFeedback

Original Post: New Survey | Microsoft Sentinel Out of the Box Content Survey - Microsoft Tech Community

New Blog Post | Microsoft Sentinel this Week - Issue #60
Microsoft Sentinel this Week - Issue #60 | Revue (getrevue.co)

Happy Friday all! I’m out and about this week at an in-person conference at the Mall of America in Bloomington, MN. It’s been a fantastic week talking about Defender for Cloud and Microsoft Sentinel to a group of folks that aren’t normally focused on security. There’s real interest in how Microsoft security offerings can bolster a career and can be integrated with current workloads without overwhelming. I’ll have more to share about this week’s experiences in next week’s newsletter.

…

We have a couple new surveys this week that I know are of interest to a large number of people.

For the first one, I published a Playbook template for sending a daily email of Sentinel Incidents recently that a lot of you found useful. We’re trying to simplify this capability because it is so popular and valuable.

From the product team:

Today, emails can be sent automatically when incidents and alerts are created using playbooks. There are playbook templates ready-to-use, which leverage the Outlook Logic Apps connector. Using playbooks for sending emails has great benefits: It allows full customization of the email message and advanced capabilities such as approvals. On the other hand, we hear customer challenges using this method. We are looking to allow customers to easily send emails by Automation Rules. We are seeking to learn about real-life email-scenarios to make sure we design the feature to fit your needs.

We appreciate your feedback on our form. We are committed to reviewing every data point in detail and we will get back to you if we have questions. Please note that in some cases, platform limitations prevent us from developing an integration. Also, we may have limited resources, so not every request will be prioritized.

Participate in the following survey: Send email from automation rules

The second one is focused on Microsoft Sentinel Fusion.
Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Microsoft Sentinel generates incidents that would otherwise be difficult to catch. These incidents comprise two or more alerts or activities. By design, these incidents are low-volume, high-fidelity, and high-severity.

More information about Fusion: https://aka.ms/SentinelFusion
How Fusion works: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/behind-the-scenes-the-ml-approach-for...

As we continue to expand the Fusion coverage to help you detect emerging and advanced attacks, and improve the experiences to help you speed up the investigation, we’d like to learn more from you. In this survey, we’d like to get your perspectives on:

Fusion detection
Customization/configuration options for Fusion

You can participate in this one here: Microsoft Sentinel Fusion Survey

…

Lastly, I had awesome discussions with customers this week. Delivering Microsoft Sentinel sessions to a group of folks who have zero knowledge of the product was absolutely rewarding. I could see lightbulbs go off as I was describing the features and value. One individual - experienced with “other” SIEMs who is now sold on Sentinel - invented a new tagline which has now been turned into a T-shirt.

I present, the “My SOC Doesn’t SUC” T-shirt: https://cda.ms/4dB

All proceeds go to St. Jude.

…

That’s it for me for this week. It’s time to pack up and head home.

Talk soon.

-Rod

New Survey | M365 Defender & Sentinel Feature Roadmap Survey for CY24H1
We need your feedback! Help guide the direction of our products and the feature development planning for the next semester (H1 2024).

As part of our planning cycle, we seek feedback from our customers to evaluate the direction of our solutions, and the set of features that we plan to invest in. Your input is invaluable to make sure we are on the right track and doing the right investments.

Do you want to influence the product design by providing your feedback, insights, and recommendations for improvement? We'd love to hear from you in this survey! Your valuable insights will directly influence our product development decisions.

Thank you for being an engaged customer and for helping us in our journey to deliver the best user experience possible.

Survey Link: https://ncv.microsoft.com/tLpmlYUnUG