Things from Me
Happy Friday, folks!
Are you ready for Microsoft Ignite? Microsoft Security will be in the spotlight for this event in Chicago! The session catalog is brimming with several great Security sessions that promise to deliver insightful and valuable content. These sessions are designed to keep you at the forefront of security innovation and best practices. The catalog is not available yet but will be in short order.
Throughout the week, don't miss the community area where we'll have a tabletop dedicated to Microsoft Security topics. This is your chance to engage with experts and peers, share experiences, and discuss the latest in security. And - incidentally - this is where you’ll find me the majority of the time.
And of course, there will be a hefty chunk of cool Microsoft Security announcements that you won't want to miss. To ensure you catch all the post-Microsoft Ignite updates and insights, make sure to watch here. Stay tuned for an event packed with learning and innovation!
…
Just prior to Ignite this year, I’ll be in-person in Ft. Lauderdale, Florida at the Midwest Management Summit (MMS) Flamingo edition. I know I’ll be seeing some of you there, but here’s how to catch me…
I’ll be signing and giving away Microsoft Press KQL books, signing my fiction books, catching up with the community, and delivering a couple sessions:
Mastering KQL: Interactive Learning and Practical Application
Enhancing Threat Hunting Efficiency with Copilot for Security
Check out the entire session list: https://mmsmoa.com/sessions/mms-2024-flamingo-edition-sessions
…
Talk soon.
-Rod
Things to Attend
Webinar: US Presidential Election: Cyber Threats Readiness and Resilience - Wed, Oct 09 - 10:30 AM - 11:30 AM EDT - Cyber threats to the US presidential election and the electoral system pose significant risks, potentially undermining public trust and influencing outcomes. Join us for an engaging fireside chat where leading experts will discuss the current landscape of cyber threats targeting US elections and explore strategies to safeguard our democratic processes.
Things that are Related
Welcome to Cybersecurity Awareness Month 2024 - Every October, Cybersecurity Awareness Month serves as a reminder of the importance of safeguarding our digital lives. Initiated in 2004 by the National Cyber Security Alliance and the U.S. Department of Homeland Security, this annual event is dedicated to raising awareness about the significance of cybersecurity and providing resources to help individuals and organizations stay secure online.
Developer insights: Building resilient end-to-end security - Cybersecurity is more than just a technical requirement for any organization; it’s essential for survival. Like the delicate balance of a coral reef, our digital ecosystems must adapt and strengthen to withstand evolving threats. Corals face threats like bleaching from temperature changes, pollution, and disease. Similarly, digital ecosystems battle sophisticated cyberattacks, ransomware, and evolving malware. The resilience of an organization’s cybersecurity infrastructure is critical, and an end-to-end approach is the key to ensuring its health and stability. This blog post kicks off a series exploring how Microsoft Security is transforming security platforms with practical, end-to-end security solutions for developers.
Keep your online activity safer on public Wi-Fi with Microsoft Defender for individuals - Microsoft Defender for individuals aims to provide a safer online experience wherever you go, and late last year, we introduced privacy protection (VPN), so you can browse without having to worry about your personal data being intercepted over an unsecure Wi-Fi connection.
Things to Watch/Listen To
Things in Techcommunity
Hide protection history from users - I am trying to find a way to disable our users' ability to release files from quarantine in 'protection history'. For example, if a user downloads a malware or creates an EICAR file, it gets quarantined by Defender. From here, the user has the ability to release the file from 'Protection History'. I am trying to remove this ability.
Automation rule based on a specific Security Alert - is it possible to apply automation rules on particular Security Alerts?
Copilot for Security Things
Microsoft Sentinel Things
Integrating Defender EASM With Microsoft Sentinel Guide - Microsoft Defender External Attack Surface Management (EASM) provides organizations with a comprehensive view of their digital attack surfaces. It discovers known and unknown resources, from web pages to IP addresses and domains, helping prioritize risks and defend against potential threats.
Level Up Your Security Skills with the New Microsoft Sentinel Ninja Training! - If you’ve explored our Microsoft Sentinel Ninja Training in the past, it’s time to revisit! Our training program has undergone some exciting changes to keep you ahead of the curve in the ever-evolving cybersecurity landscape.
TLS for Sentinel Syslog CEF Data connector (Secure Transfer of logs to Sentinel Log analytics workspace) - Sentinel Data connector Syslog CEF is a feature that allows you to collect data from various sources using the Common Event Format (CEF) or Syslog protocols and send it to Azure Sentinel, a cloud-native security information and event management (SIEM) solution. By using this connector, you can integrate your existing security tools and devices with Sentinel and gain more visibility and insights into your network and security events.
Defender for Endpoint Things
Security settings management is available for multi-tenant environments in Microsoft Defender XDR - Several months ago, we released device security settings management within Microsoft Defender XDR. This experience enables security administrators to configure Microsoft Defender for Endpoint security settings for devices on all platforms (including Windows, Linux, and Mac) without having to leave the Defender portal. The streamlined portal experience breaks down the wall between Security and IT teams by presenting a shared view for both, making it easier for security administrators to strengthen the security posture of their devices.
How collaborative tools can improve security and prevent attacks - The reality of modern threats is they are increasingly multi-vector and multi-phasic, so it’s natural that multiple tools are necessary. One problem is that, even though an individual tool may be excellent for a specific job, it works independently with little or no collaboration. This creates blind spots that persistent, sophisticated attackers will eventually discover and exploit.
Defender Experts Things
When and How to Determine If You Need to Outsource Your Security Operations Center Operations - Cyber threats are becoming increasingly sophisticated and frequent, and maintaining a robust Security Operations Center (SOC) is paramount for any organization. However, managing a SOC is resource-intensive, requiring specialized skills, continuous monitoring, and significant investment. This raises an important question: When and how should an organization determine whether to outsource some or all of its SOC operations?
Microsoft Purview Things
Safeguarding Against Risks in the Age of Generative AI - A new frontier has emerged: Generative AI. This cutting-edge technology has the remarkable ability to create original content, from text and images to audio and video, by learning from vast amounts of data. While Generative AI holds immense potential for innovation and creativity, it also introduces new challenges and risks in the realm of data security.
Making Searching and Curating Data Assets in Microsoft Purview easier - Currently, IT infrastructure stores and maintains data assets, even though IT doesn't own or use the data. There's a disconnect between how data needs to be discovered and maintained within the business, and the teams that maintain it. Without standardized procedures for data governance, data handling often relies on manual processes, leading to inefficiencies, data loss, insufficient data protection and higher operational costs.
Introducing Microsoft Purview Data Security pay-as-you-go pricing for your non-Microsoft 365 data - Microsoft Purview is an extensive set of solutions that can help organizations secure and govern their data, wherever it lives. The unification of data security and governance capabilities in Microsoft Purview reflects our belief that our customers need a simpler approach to data. Microsoft Purview Data Security helps customers dynamically secure their data across its lifecycle by combining data context with user context.
Defender Threat Intelligence Things
MDTI for Government Now Available - We are thrilled to introduce Microsoft Defender Threat Intelligence (MDTI) with FedRAMP High (DOD IL2) attestation, now available for government sectors. Customers across U.S. state, local, and tribal governments utilizing GCC services can now purchase MDTI and the MDTI API SKUs to unmask adversaries and understand their organization’s security posture against threats.
New Copilot for Security Plugin Name Reflects Broader Capabilities - The Copilot for Security team is continuously enhancing threat intelligence (TI) capabilities in Copilot for Security to provide a more comprehensive and integrated TI experience for customers. We're excited to share that the Copilot for Security Threat Intelligence plugin has broadened beyond just MDTI to now encapsulate data from other TI sources, including Microsoft Threat Analytics (TA) and SONAR, with even more sources becoming available soon.