Microsoft Defender Weekly Wrap - Issue #54
Happy Friday fine people!
We are so significantly close to the end of 2022. How has the year gone for you?
For me - like I'm sure everyone - there's been obvious ups and downs. But I have to say, the year has been mostly positive. I've enjoyed both my professional and personal lives. I've seen relationships both old and new grow and that has to be one of the best parts.
I was contacted out of the blue this past week by someone I haven't talked to in close to 10 years. He contacted me over LinkedIn and simply asked for my phone number. As a security person, I immediately thought his account had been hacked, so I ignored it. But after some persistence and additional context, I gave in, but still gave him a number that could be thrown away and recreated if needed. (wow...I have become THAT security person)
He called me during Wednesday night's Microsoft Security Insights show, so I let it go to voicemail. Of course, my thinking was that he would think I was ghosting him on the phone as I had been on LinkedIn.
After the show, I called him back. Once we connected, it was as if it was 10 years ago again. We had a 2-hour conversation. And, if you know me (I hate talking on the phone - I believe it's an inefficient manner of communication) that is a long conversation.
But you know what? I really enjoyed it. It was comforting to know that people really don't change that much, and when we connect, we can connect in ways that transcend time, society, and the latest crazy thing.
As this holiday season kicks into high gear here shortly for many of us, I think that's something to remember. We all spend time with friends and family. Make the connection and bask in it. It's important.
...
So, the next couple weeks are busy for me. I'm off to Redmond next week to chat with a big customer and then spending time with Tanium in Milwaukee the week after for a partner event. In between, I have several sessions and webinars to deliver. But I'm steadily looking toward the goal of December 19th when I take my holiday time off in bulk.
I hope you are all also looking forward to this holiday season.
Talk soon.
-Rod
Things to Attend
Microsoft Security Insights Show Episode 131 - Nathan Swift, Security CSA, Microsoft — www.youtube.com In this episode, we reconnect with past guest, Nathan Swift, for a catch-up. Nathan's been working with a myriad of things since last season including MDE, I...
The 2-Minute Recap: Everything new with Microsoft Security, compliance, and identity - Microsoft Community Hub — techcommunity.microsoft.com This monthly series features training content aligned to Microsoft Security, compliance, and identity (SCI) solutions on Microsoft Learn . This month is
Authorised Access on Apple Podcasts — podcasts.apple.com Authorised Access is a podcast from Microsoft ANZ about the cybersecurity challenges facing businesses today. On the show, you'll hear from leaders in cybersecurity, from Microsoft and beyond, as we explore high level strategies to help confront risk in your organisation. We are living in a multi-cl…
Things that are Related
The why and how of KQL with guest Rod Trent — www.youtube.com Have you heard of KQL or maybe Kusto? It is used in many products if you look closely, and all who use Microsoft cloud products and need to analyze or hunt s...
Is MFA the Vegetable of Cybersecurity? — www.darkreading.com Multifactor authentication is crucial for creating a healthy cybersecurity posture, but many companies are slow to adopt.
Azure AD Identity Protection - Risky Workload alert e-mail notification | by Derk van der Woude | Dec, 2022 | Medium — derkvanderwoude.medium.com Let’s start with thanks and credits for the Azure AD Identity Protection product group for working closely together on the latest detection and remediation features. For our partner webinar Azure AD…
Azure AD Identity Protection Integrations with Microsoft Security Solutions – Sam's Corner — samilamppu.com Background Info - Inter-Connections | Portal Convergence | What happens underneath the hood | What are IPC Detections? | Real-time detections | Offline detections | IPC Detection Examples | Example 1 - Anonymous IP address involving one user | Key Takeaway | Example 2 - Multi-Stage incident involving initial access & credential access involving one user reported by multiple sources | Key takeaway | Additional Information | Microsoft Sentinel as a SIEM | 3rd Party SIEM | Summary of the Azure AD…
Things in Techcommunity
app registrations - any way to prevent owners from changing / adding API permissions - Microsoft Community Hub — techcommunity.microsoft.com We would like to allow owners to update their client secrets / certs but prevent them from modifying or adding API permissions. Is there a way to modify
Help with CVE-2022-3602 OpenSSL - Microsoft Community Hub — techcommunity.microsoft.com Dear all, Microsoft Defender displays a notification for one device, see attachment. As I am no IT-specialist I checked all available information what to
Defender for Cloud Things
BLOG: The Complete Guide to Microsoft Defender for Cloud for SQL Servers on machines — blog.johnjoyner.net
Most organizations operate instances of Microsoft SQL Server in their on-premises and cloud networks. As more IT shops are investing in Microsoft’s cloud-native cybersecurity stack based on Microsoft Defender for Cloud and Microsoft Sentinel, a great opportunity leveraging Microsoft Azure Arc technology to extend protection to SQL Servers in any cloud is available. This article will describe why this is so important and of such high value, how to extend the protection into all your environments, and what alerting products you can expect from the solution.
Defender for Endpoint Things
BLOG: New network-based detections and improved device discovery using Zeek — techcommunity.microsoft.com Microsoft Defender for Endpoint is now integrated with Zeek, a powerful open-source network analysis platform.
Defender for IoT Things
BLOG/CODE: Defender for IOT PowerShell Module — www.linkedin.com
At this moment, there is an API set available to get data out of Defender for IoT sensors. Accessing and managing the code to do so is likely to be a big task.
365 Defender Things
BLOG: Use Microsoft 365 Defender and Sentinel to Defend Against New Zero-Day Threats: Part II — practical365.com This article continues the discussion of the main steps needed to mitigate a zero-day threat using Microsoft 365 Defender and Sentinel.
ARTICLE: Microsoft Defender protects Mac and Linux from malicious websites — Now that attackers can phish employees on any device and try to extract credentials, endpoint protection has to cover more than just Windows.
Defender for Cloud Apps Things
BLOG: Microsoft Defender for Cloud Apps data protection series: Understand your data types — techcommunity.microsoft.com The second blog in our series helps shed light on when to use Microsoft Defender for Cloud Apps and Microsoft Purview to protect your data. In the first
Microsoft Entra Things
VIDEO: Overview of Microsoft Entra Permissions Management — www.youtube.com We're kicking off a number of activities for Entra Permissions Management. Join us for the overview stream! Nick Wryter - Senior Product Manager. Twitter: https...
BLOG: New Admin Center Unifies Azure AD with Other Identity and Access Products - Microsoft Community Hub — techcommunity.microsoft.com Microsoft’s vision for identity goes beyond traditional identity management to give our customers an entire toolset to secure access for everyone and
BLOG: Introducing Machine Learning based recommendations in Azure AD Access reviews - Microsoft Community Hub — techcommunity.microsoft.com Many of you are already using Azure AD access reviews to govern access of your employees, guests, and workload identities to sensitive resources. Over the
BLOG: Microsoft Entra Change Announcements – November 2022 Train - Microsoft Community Hub — Hello everyone, Our change management announcements cover all changes across Microsoft Entra where we communicate product retirement news biannually and
BLOG: Implementing Zero Trust access to business data on BYOD with Trustd MTD and Microsoft Entra - Microsoft Security Blog — www.microsoft.com United Kingdom-based cybersecurity vendor Traced Mobile Security joined the Microsoft Intelligence Security Association (MISA) with the goal of transforming Zero Trust access to business data on mobile devices.
BLOG: Microsoft Entra Workload Identities now generally available - Microsoft Community Hub — techcommunity.microsoft.com As the growth of cloud continues, more workloads are moving to the cloud and new enterprise software solutions are being deployed natively in the cloud.
Defender EASM Things
VIDEO: Defender EASM | Defender for Cloud in the Field #21 — www.youtube.com In this episode of Defender for Cloud in the Field, Jamil Mirza joins Yuri Diogenes to talk about Microsoft Defender External Attack Surface Management (Defe...
Defender Vulnerability Management
BLOG: Firmware assessments support now in public preview in Microsoft Defender Vulnerability Management — techcommunity.microsoft.com Hardware and firmware assessments now available in Microsoft Defender Vulnerability Management