Things from Me
Happy Friday everyone!
With Microsoft Ignite 2024 week upon us, I want to extend my wish that if you’re attending in-person, please find me and introduce yourself. It really means a lot to me when I travel and hear from folks that I talk to every single week yet never get a chance to hear back. So, if you’re in Chicago next week for Microsoft Ignite, look me up.
I really won’t be that hard to find. I will be close to any of the locations on this list: Know Before You Go: Security Copilot at Microsoft Ignite 2024
…
BIG NOTE: As you can imagine, due to the busyness of Ignite next week, this newsletter will not deliver. In fact, due to Ignite week and then the Thanksgiving holiday the week after that, this newsletter will not deliver for 2 weeks straight! Sorry about that, but this time of year gets a bit crazy with work and necessary holiday downtime when I always prioritize time with family and friends. And to add to that, I will also be traveling to Toronto to speak for the Microsoft AI Tour the first week of December. But you can expect the newsletter to resume that week.
So, unless I see you next week, this is my official Happy Thanksgiving to all of you. I truly hope you take some time off to decompress, be thoughtful, and enjoy thankfulness for the things you have.
…
When I return from the Thanksgiving holiday, we are hosting an AMA for post-Ignite announcements. Make sure you button this into your schedule.
Once again this year, after Ignite, Microsoft's Tech Community platform will be hosting a live Ask Microsoft Anything event on December 3rd. You can bring all your questions about topics from Ignite like Exposure Management, Copilot for Security, AI, and more!
Learn more and register at https://aka.ms/TCL/Security
…
Thanks to everyone for their overwhelming comments and reviews for my fiction books! On that note, I have another book due to release on December 1st!
Mistaken for Dead: Rebellion of the Reanimated is a different take on zombie books. If you’re a zombie action fan, you might like it.
That’s it from me for this week.
Talk again in a couple weeks.
-Rod
Things to Attend
Next Generation SOC powered by Microsoft Sentinel - Wed, Dec 4, 2024 10:00 AM GMT (5:00 AM EST) - Discover the future of Security Operations Centers (SOCs) with Microsoft Sentinel and XDR solutions in our upcoming webinar. Our panel of experienced industry leaders will provide a high-level overview of how these tools utilize AI and machine learning for advanced threat detection and response. Hear real-world examples and gain insights into the implementation, challenges, and best practices of adopting next-generation SOC solutions.
Things that are Related
The Cumulative Impact of Incremental Changes on Security Posture: A Major Cause of Security Drift - One concept that often goes unnoticed is the insidious effect of incremental changes on an organization's security posture. While these small adjustments may seem harmless on their own, their cumulative impact over time can significantly weaken security defenses, leading to a phenomenon known as security drift. This blog post delves into how seemingly minor modifications can collectively erode security measures and why it is crucial to remain vigilant against this silent threat.
Discover our latest Microsoft Security training on Microsoft Learn - Keeping pace with security challenges, business needs, and evolving technology starts with current insights—which is why we’re glad to share these new Microsoft Security skill-building resources and offerings.
Love the Kusto Detective Agency? Give us some feedback to help us prepare for the next season: https://aka.ms/KustoSeasonSurvey
Things to Watch/Listen To
Copilot for Security Things
Microsoft Sentinel Things
Integrating PowerShell Logging into Microsoft Sentinel - PowerShell is a critical tool in any security team and IT admin’s arsenal, offering powerful scripting capabilities for automating tasks across both on-premises and cloud environments. However, its flexibility makes it an attractive target for attackers seeking to run malicious scripts. Monitoring PowerShell activity is vital for identifying suspicious behavior early, and Microsoft Sentinel offers advanced capabilities for detecting, analyzing, and responding to PowerShell-based threats.
PowerShell script to update retention for all tables in a Log Analytics Workspace
Defender for Endpoint Things
Automated Configuration - This is a collection of commands that will help automate the configuration of the Defender for Endpoint settings. To use this, you must obtain the sccauth value and xsrf-token value from the browser and use them to create cookies and headers for the API calls. This is because the commands use an internal API to configure settings, and there isn't a public way to get the right tokens.
Defender Experts Things
From prevention to recovery: Microsoft Unified’s holistic cybersecurity approach - As digital threats continue to evolve, it is increasingly apparent that organizations need robust cybersecurity measures to protect their financial stability, brand, and operational integrity.
Defender for Office Things
Create targeted attack simulation training campaigns with dynamic groups - We’re excited to announce dynamic targeting for Attack simulation training in Defender for Office 365. You can now use the Microsoft 365 group – dynamic membership type created in Microsoft Entra admin center to define the recipients of your simulations and training campaigns.