Microsoft Defender Weekly Wrap - Issue #36
Welcome to Friday, folks! We made it!
And, welcome to this issue of the weekly newsletter.
Last week, I mentioned my wife and youngest daughter were on their annual girls' trip. Thanks to all who reached out to give me some solace on missing them. I was actually pretty surprised by the responses. I guess you really do care!
I'm happy to say they returned safely on Monday, and I've had a full week of catching up on sleep.
...
This week there's one opportunity for you to make your voice heard and continue helping build the products and services of your dreams. This week's YAMS is all about multi-cloud workloads.
Discovery of Serverless Compute Workloads in Multi-Cloud Environments
The Serverless Security team is building comprehensive Serverless Security coverage for our customers to secure Serverless workloads across all environments (Azure, AWS, GCP, on-premises).
We are looking to learn what types of AWS/GCP workloads you have to help us understand what runtimes, configurations, or services to target first for our security scenarios.
Survey link: https://rodtrent.com/0fy
...
I want to make sure to mention one thing this week. This community is, in part, fueled by the LinkedIn community groups. So, if you're looking for more content than just our weekly time together in this newsletter, you should join the groups on LinkedIn. There's a lot of additional engagement there, including the ability to ask questions and get answers pretty quickly.
The community groups' membership continues growing by leaps and bounds, so there's always someone available to engage with.
LinkedIn community groups...
Microsoft Defender: https://rodtrent.com/kqp
Microsoft Entra: https://rodtrent.com/h5c
...
I hope the week ahead is an exciting time for you.
Talk soon.
-Rod
Things to Attend
Upcoming Microsoft Security webinars
See the schedule: http://aka.ms/SecurityCommunity
Sign-up to be notified in email: https://aka.ms/SecurityEmailList
Things that are Related
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits - Microsoft Security Blog — www.microsoft.com The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) found a private-sector offensive actor (PSOA) using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and Central American customers. The PSOA, which MSTIC tracks as KNOTWEED, developed malware called Subzero which was used in these attacks.
Just what the heck is a “Buffer Overflow” anyway?! – Socialized Geek — www.socializedgeek.com Let me start this with a disclaimer; a warning; or maybe a promise: This is designed to be an accessible series that describes common software vulnerabilities, their effects, and potential mitigations. I’m writing this for myself as much as for others in the hope that it will simplify some of the concepts, code, and terms of art that come up in software and systems development.
Azure Red Team Attack and Detect Workshop — github.com
This is a vulnerable-by-design Azure lab, containing two attack paths with common misconfigurations. If you would like to see what alerts your attack path vectors are causing, we recommend signing up for a Microsoft E5 trial, which includes Microsoft Defender for Cloud as well as the Azure AD Premium P2 plan. Links for signing up for an Azure Developer account can be found in the resources.txt file.
Things in the News
Tiberium's cloud-native solutions deliver always-on business protection — www.technologyrecord.com Earlier this year, managed security service provider (MSSP) received a call from a panicked business owner dealing with a catastrophic business...
Things to Have
GitHub - DanielpFR/MDI — github.com In this documentation, we want to share some useful Advanced Hunting KQL queries that you can use with the Microsoft 365 Defender portal available from https://security.microsoft.com.
Defender for Endpoint Things
BLOG: Announcing File page enhancements in Microsoft Defender for Endpoint — techcommunity.microsoft.com Users can now streamline processes by having a more efficient navigation experience that hosts all this information in one place.
VIDEO: Microsoft Defender for Endpoint CPU based Threat Detection of Ransomware | Intel Business — www.youtube.com Ransomware is a big concern for security decision makers. Learn about the new hardware assisted ransomware detection capabilities of Microsoft Defender for E...
Defender for Cloud Things
VIDEO: Improving Your Security Posture with Policy Enforcement and Governance — www.youtube.com Tuesday, July 26, 2022, 11:00 AM ET / 8:00 AM PT (webinar recording date) Microsoft Defender for Cloud Webinar | Improving Your Security Posture with Policy ...
BLOG: Demystifying Dependencies and Pricing of Microsoft Defender for Cloud Multi-Cloud Capabilities - Microsoft Tech Community — techcommunity.microsoft.com Introduction: Microsoft Defender for Cloud is a multi-cloud security solution. It provides native Cloud Security Posture Management (CSPM) capabilities
Microsoft Defender for IoT Things
VIDEO: Securing Critical Networks Through Microsoft Defender for IoT and Horizon DPI — www.youtube.com Wednesday, July 20, 2022, 11:00 AM ET / 8:00 AM PT (webinar recording date) Microsoft Defender for IoT Webinar | Securing Critical Networks Through Microsoft...
BLOG: Stream Microsoft Defender for IoT alerts to a 3rd party SIEM — techcommunity.microsoft.com Learn how to send Microsoft Defender for IoT alerts to third-party SIEMs such as Splunk, QRadar.
Microsoft 365 Defender Things
BLOG: Malicious IIS extensions quietly open persistent backdoors into servers - Microsoft Security Blog — www.microsoft.com Attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers, which hide deep in target environments and provide a durable persistence mechanism for attackers. While prior research has been published on specific incidents and variants, little is generally known about how attackers leverage the IIS platform as a backdoor.
DOC: Exposure score in Defender Vulnerability Management | Microsoft Docs — docs.microsoft.com The threat and vulnerability management exposure score reflects how vulnerable your organization is to cybersecurity threats.
Microsoft Purview Things
VIDEO: How to explore your data estate using the Microsoft Purview data catalog | Data Exposed — www.youtube.com Microsoft Purview is a unified data governance solution that helps you manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data...
NEW: Announcing machine learning features in Microsoft Purview Data Loss Prevention - Microsoft Tech Community — techcommunity.microsoft.com Gaining visibility into the type, volume, and location of sensitive data continues to be a challenge for most organizations, and hybrid work has
NEW: Public preview: Managed attributes in Microsoft Purview data catalog | Azure updates | Microsoft Azure — azure.microsoft.com Append organizational metadata to your technical assets by creating and applying managed attributes in the Microsoft Purview data catalog.
NEW: Generally available: Rich text editor in Microsoft Purview data catalog | Azure updates | Microsoft Azure — azure.microsoft.com Add rich text formatting to asset and term descriptions in the Microsoft Purview data catalog.
BLOG: Discover 5 lessons Microsoft has learned about compliance management - Microsoft Security Blog — www.microsoft.com Effective compliance and risk management are extremely important, and are possible. Microsoft is here to help if you’re looking to simplify your compliance management with technology solutions.
NEWS: Microsoft Ending the Windows Information Protection Service -- Redmondmag.com — redmondmag.com Microsoft on Thursday announced the gradual end of its Windows Information Protection (WIP) service, which is designed to keep users of Microsoft 365 apps from inadvertently disclosing organizational information.
BLOG: Announcing the sunset of Windows Information Protection (WIP) - Microsoft Tech Community — techcommunity.microsoft.com Certain capabilities within the solution known as Windows Information Protection (WIP), previously referred to as Enterprise Data Protection (EDP) will be
Defender for Business Things
BLOG: For SMBs, Microsoft offers a new layer of server protection | Computerworld — www.computerworld.com Microsoft this month unveiled a preview of server protection aimed at small and mid-sized businesses, bundling the added security with Microsoft Defender for Business.
Microsoft Entra Things
BLOG: Public Preview: Enhanced "My Apps" experience - Microsoft Tech Community — techcommunity.microsoft.com As we continue to expand the end-to-end capabilities of Microsoft Entra, we firmly believe that a strong Identity and Access Management implementation