Microsoft Defender Weekly Wrap - Issue #13
Hi, all! Welcome to the revamped newsletter!

As I noted a couple weeks back, this newsletter will now cover all Defender-branded content and will deliver weekly instead of bi-weekly. So, while this is issue #13 of this newsletter edition you wouldn't be wrong if you reset the counter and started with #1.

As you'll see below, the content is organized by Defender service and each leading title will be denoted for what the article contains, i.e., if it's a video, a blog post, an article, code, something new, or something else. I'm still working to improve as we go along, but these title "tags" should help.

As always, though, if you have suggestions and recommendations, I'm always open to those. Reach out to me over Twitter: @rodtrent

...

One big thing of note this week that I don't want anyone to miss is that we are Deprecating the legacy SIEM API. This could have monumental impact for those organizations not using Microsoft Sentinel, but other products like Splunk, ArcSight, or QRadar. Some of these have add-ons that have been updated to support the new API, but some have not. If you're using any of these tools, make sure you don't miss out.

...

It's been an awesome week here so far - well except for the grumblings of Spring. As I write this, we're expecting lots of rain and possible tornadoes this afternoon. I don't know about you, but I much prefer snow to the threat of bad weather.

I completed the Must Learn KQL series this week. Part 20 was posted on Thursday. Next steps are to push the series to the official Microsoft Docs and then a Learn module. And, then in March, the advanced series, Addicted to KQL, will commence. After developing and delivering the first series that started back in November 2021, I'll need the short break before digging into advanced topics.

Speaking of that, I'm asking for advanced KQL topics. The TOC that you see today... https://aka.ms/Addicted2KQL ...was built entirely based on request. If you have advanced areas of KQL that you're interested in, let me know.

That's it for this week. This newsletter will deliver every Friday from here on out. Enjoy!

-Rod