Microsoft Sentinel this Week - Issue #161
Stuff from Me
Happy Friday everyone! I hope your week was a good one.
I’m looking forward to visiting my best friend in Ohio Amish country this weekend to celebrate his birthday. If you’re not familiar with Amish areas of the US, it’s a very different world. It’s a much more relaxed environment, so visiting is always good for us to decompress from normal life. Funny enough, except for the horse and buggy and standard Amish styles, the approach to life reminds me very much of Hawaii where nothing is urgent and there are no emergencies. I can’t imagine, of course, the Amish wearing a Hawaiian shirt or hitting the beach, but they do have their own rituals. The Amish love their volleyball. This time of year, in the near 100F degree heat, you’ll often see full teams of Amish women wrapped in their long Amish dresses on a volleyball field serving, setting, and spiking with a competitive fervor for hours.
My friend and I always tend to get into something, so who knows what we’ll actually do this weekend. Last time we bought enough Tannerite to melt a small car, so we’ll probably focus on that once again. Our skill in this area needs some work as we were barely able to knock the top off a pumpkin or two.
On the way back we’re visiting my youngest son and his wife in Columbus, OH. His birthday is coming up next weekend, but he’s too busy to get together so we’ll celebrate early. Plus, it’s Father’s Day on Sunday and he said he has a gift for me. Long gone are the days of neckties and ashtrays, so Father’s Day gifts are much better than they were for my dad. But gift or not, I always look forward to being with my kids.
…
QUICK NEWSLETTER UPDATE: I mentioned a few newsletter issues ago that I’m planning to merge the Sentinel and Defender weekly newsletters. The necessity for this has become more and more evident and the pathway to do so is becoming even more clear.
Based on the poll last issue, I was actually surprised to find that the large majority of you subscribe to both newsletters anyway. So, this next week I will be merging the subscriber lists for the newsletters and revamping the format a little to accommodate including Sentinel content in the Defender newsletter.
Next Friday, we will continue on together through the Defender edition. If you’re one of the few that is not yet a subscriber of the Defender weekly edition, you can subscribe manually using the following option, or just allow the system to do it automatically.
At 161 issues (just over 3 years) the Sentinel newsletter has served this community well. But change is constant, and change is good in this case. As we see more and more content directed toward the unified Defender experience with Microsoft Sentinel sitting prominently in that console, it makes a lot of sense to follow suit.
…
That’s it from me for this week. Have a great weekend!
Talk soon.
-Rod
Stuff to Read
Microsoft Sentinel Sizing And Pricing – Optimize Costs And Enhance Security - When you first learn about Microsoft Sentinel, sizing, pricing, and planning can be complex. This article discusses and demonstrates what influences Microsoft Sentinel’s costs, the different pricing models, archive and long-term retention options, and how to estimate and measure spending over time. So, you can master Microsoft Sentinel, elevate it, and excel in deployment.
Debugging Playbooks - This article assumes knowledge of how to create Microsoft Sentinel Analytic Rules, Automation Rules, and playbooks. This blog post walks through one way to help debug a playbook. There are other ways, including setting a variable to the different values, to help debug.
Stuff to Watch/Listen To
Stuff About Copilot for Security
Copilot for Security stuff now has its own bi-weekly newsletter!
Stuff in Techcommunity
Parsing a Sentinel Alert through Logic App - I'm struggling with configuring a Logic App to be run when a Sentinel alert is triggered. More specifically, the details of the Sentinel alert being printed out via the Logic App.
Create an Incident when an email arrives, Downloading attachment and saving in a blob storage - I'm working on a Logic App in Azure Sentinel designed to automatically create incidents whenever an email arrives with a specific subject line. However, I'm encountering an error when trying to create the incident.