surveys
16 Topics

Survey: SIEM & XDR Scenarios We Should Add to Microsoft Applied Skills
Note: This survey is anonymous. Take the survey here: https://forms.office.com/r/zicgJDaAFU

About

In November 2023, Microsoft launched the Applied Skills program (https://learn.microsoft.com/credentials/support/appliedskills-process-overview), giving users access to virtual Microsoft Azure environments where you can learn from a library of scenarios, and practice through learning exercises. Learning exercises are graded for the purpose of rewarding the user with a credential to show their accomplishment. We in the SIEM & XDR Team at Microsoft, want to create a library of Microsoft Sentinel and Microsoft XDR scenarios. With that, we would like to ensure that we are providing learning content that is best suited for our users. To help us, please complete this survey with what you feel is most valuable for you or your colleagues.

We look forward to your input.

The Microsoft SIEM & XDR Team

Microsoft respects your privacy. Review our online Privacy Statement here: https://privacy.microsoft.com/en-us/privacystatement

237 Views, 0 likes, 0 Comments

New Survey | M365 Defender & Sentinel Feature Roadmap Survey for CY24H1
We need your feedback! Help guide the direction of our products and the feature development planning for the next semester (H1 2024). As part of our planning cycle, we seek feedback from our customers to evaluate the direction of our solutions, and the set of features that we plan to invest in. Your input is invaluable to make sure we are on the right track and doing the right investments. Do you want to influence the product design by providing your feedback, insights, and recommendations for improvement? We'd love to hear from you in this survey! Your valuable insights will directly influence our product development decisions. Thank you for being an engaged customer and for helping us in our journey to deliver the best user experience possible.

Survey Link: https://ncv.microsoft.com/tLpmlYUnUG

680 Views, 0 likes, 0 Comments

New Survey | UEBA Engine
Our Sentinel engineering group is looking for your input for our UEBA engine. Please reserve about fifteen minutes to respond to this survey. As a preparation for the next semester of engineering work, we want to understand more about your use in the UEBA capabilities space and how we can make it more relevant and focused for your needs. Find our survey here.

Original Post: New Survey | UEBA Engine - Microsoft Tech Community

567 Views, 1 like, 0 Comments

New Blog Post | Microsoft Sentinel this Week – Issue #75
Microsoft Sentinel this Week – Issue #75 - Azure Cloud & AI Domain Blog (azurecloudai.blog)

We have one YAMS (yet another Microsoft survey) this week to give you some small way in contributing to the success of Microsoft Sentinel.

Utilizing Network Data for Security Needs in Microsoft Sentinel

The Microsoft Sentinel engineering team is exploring ways of expanding security coverage to customers by analyzing network flows, metadata, and patterns that can be collected from various network elements and service elements in estate. We ask for your help in understanding your security needs, practices, network infrastructure and current network telemetry collection methods to help us in this effort. To do so, simply complete this survey.

Link to survey: https://rodtrent.com/ug5

…

In less than a year, the LinkedIn community group for Microsoft Sentinel has grown to over 6,000 members. That in itself is pretty phenomenal. But the bigger number is the level of engagement. According to LinkedIn stats the level of engagement equals the following on monthly averages:

339,000 post views
165 comments
3,800 reactions

We recently posted a survey to get a feel for where folks are most comfortable participating in community for Microsoft Sentinel and not surprisingly LinkedIn led the way. But some of the other areas may surprise some. Take a look at the survey results: https://rodtrent.com/bi8

1.3K Views, 0 likes, 0 Comments

New Blog Post | Microsoft Sentinel this Week – Issue #74
Microsoft Sentinel this Week – Issue #74 - Azure Cloud & AI Domain Blog (azurecloudai.blog)

Rod is just getting back into the office from a very successful TechMentor conference at the Microsoft campus in Redmond. He delivered two sessions on Microsoft Sentinel, and both went off without a hitch. On Tuesday it was “A Day in the Life of a Sentinel Analyst.” On Wednesday, he started the day with “Using Microsoft Sentinel and Microsoft Teams as a SOC War Room.” The “Day in the Life…” is always different, though he has delivered this concept before. He keeps updating it to include all the new features we roll out constantly. The SOC War Room is a new topic and could be the first of its kind. But it was so well received he will be building this out for much broader distribution and delivery. This session talks about using Microsoft Sentinel to identify when a war room is necessary and then using the magic of Microsoft Teams to connect the right people virtually. It also goes into the various roles and skillsets required for each type of War Room situation.

If you had to choose TWO places to go to participate in the Microsoft Sentinel community, what would they be?

Survey link: https://forms.office.com/r/wQ9zFqUg1L

610 Views, 0 likes, 0 Comments

New Blog Post | Microsoft Sentinel this Week – Issue #73
Microsoft Sentinel this Week – Issue #73 - Azure Cloud & AI Domain Blog (azurecloudai.blog)

TechMentor is geared toward the IT Professional and will be held at the on-campus Microsoft conference center. Rod Trent will be bringing his own flavor of technical entertainment in a couple sessions:

A Day in the Life of a Microsoft Sentinel Analyst
Using Microsoft Teams as the Microsoft Sentinel War Room

We’re looking for guidance on the future of automated capability for the Defender for IoT and Sentinel integration.

Microsoft Defender for IoT Sentinel IT/OT Unified SOC Survey

Defender for IoT’s built-in integration with Sentinel aims to bridge the IT and OT security gap so that SOC teams are able to resolve OT incidents more efficiently. We would like to learn what capabilities and data can help SOCs manage and resolve OT incidents and in particular, what automated responses playbooks templates might be helpful for your organization.

Link to survey: https://rodtrent.com/lma

871 Views, 0 likes, 0 Comments

New Blog Post | Microsoft Sentinel this Week – Issue #71
Microsoft Sentinel this Week – Issue #71 - Azure Cloud & AI Domain Blog (azurecloudai.blog)

First off, for planning purposes it would be great to get a feeling of your usage of ADX for Sentinel storage.

Planning Feedback: Understanding ADX Usage

If you have data stored in Azure Data Explorer (ADX), we would like to understand your use cases and feedback when it comes to querying data from ADX. This helps us understand your ADX usage and plan the future ADX capabilities with Microsoft Sentinel.

Survey link: https://rodtrent.com/awo

Secondly - and I know this is a big one for a lot of organizations - we’d love to get your feedback on the RBAC req’s for Microsoft Sentinel.

Microsoft Sentinel RBAC Requirements

We are looking to learn more about your experience with the existing Role-Based Access Control (RBAC) capabilities and explore opportunities for improvement. Please share any of your requirements for role or attribute-based access control (R/ABAC) for configuring your Sentinel workspaces, or accessing any of the content (Analytics, Watchlists, Automation Rules, etc.) within it.

Survey link: https://rodtrent.com/3lf

And, lastly (yes, there’s one more!) …

Survey on Resiliency and BCDR Options for Microsoft Sentinel

SIEMs are deemed to be mission critical systems that are essential in ensuring that the SOC remains operational in the event of any disruption. While the cloud provides inherent resiliency benefits, and the Microsoft Sentinel service is designed with internal resiliency and failover mechanisms, some Enterprises have expressed a desire to have additional Business Continuity and Disaster Recovery (BCDR) capabilities to increase resiliency. Given that Enterprises have varying BCDR objectives and have to strike a balance between (residual) risk, deployment complexity and cost - we would like to gather your feedback on what BCDR means to you, what is lacking, and how we can do better.

Survey link: https://rodtrent.com/04u

856 Views, 0 likes, 0 Comments

New Blog Post | Microsoft Sentinel this Week – Issue #70
Microsoft Sentinel this Week – Issue #70 - Azure Cloud & AI Domain Blog (azurecloudai.blog)

This week, we have a couple YAMS (yet another Microsoft survey) for your participation enjoyment.

1. Threat Intelligence Content and Consumption Survey

The purpose of this form is to gather feedback on the types of threat intelligence reporting that our community is most interested in receiving in terms of both content and format. The questions are geared towards organizations that have individuals formally in threat intelligence analyst roles.

Participate in the survey here: https://rodtrent.com/d60

2. Help Us Prioritize OT and ICS Connectors for Microsoft Sentinel

With attacks targeting Operational Technology (OT) and Industrial Control Systems (ICS) environments increasing exponentially, we are focusing on developing connectors to bring their security data into Microsoft Sentinel. Our goal is to help you enhance your security monitoring, detection, and proactive threat hunting capabilities. In this survey we have a list of vendors, and some of their products, for which we are considering building connectors for Microsoft Sentinel. Your response to this survey will help us gauge which connectors would be the most useful for our customers, and thus help us prioritize our work.

Participate in the survey here: https://rodtrent.com/sac

639 Views, 0 likes, 0 Comments

New Blog Post | Microsoft Sentinel this Week – Issue #69
Microsoft Sentinel this Week – Issue #69 - Azure Cloud & AI Domain Blog (azurecloudai.blog)

Logic Apps Standard integration into Microsoft Sentinel is now in General Availability (GA). For more information about this, why it’s important, and how it might impact you, see the following:

Blogpost
Automate threat response with playbooks in Microsoft Sentinel
Single-tenant versus multi-tenant and integration service environment for Azure Logic Apps

We are inviting everyone to participate in the annual IT Skills and Salary Survey led by Skillsoft. Think about how has Microsoft training and certification impacted your career?

Survey is here: https://rodtrent.com/elc

447 Views, 0 likes, 0 Comments

New Blog Post | Microsoft Sentinel this Week - Issue #64
Microsoft Sentinel this Week - Issue #64 | Revue (getrevue.co)

Happy Friday everyone! This week marks the weekend just before the RSA conference kicks off. I’ll be there. I leave for an early flight on Sunday around 4am. I’m already kicking myself knowing how tired I’ll be when I arrive in San Francisco. But Sunday is big and a fully scheduled day for me. So, no rest for the weary - as they say. If any of you will be attending next week, feel free to hunt me down or look me up. I’ll be primarily in the Microsoft areas - the expo included. I won’t be hard to find. I’ll be the person sitting or standing next to a big stack of empty coffee cups. And, if you happen to bring along a copy of the Must Learn KQL book (paperback or hardcover), I’ll be happy to sign it and sit around to talk Microsoft security.

…

Wouldn’t it be nice to be able to multi-select Microsoft Sentinel Analytics Rules templates in the UI and enable them all at once with a big Enable ALL button? This is something that has been suggested for a long while and it still doesn’t exist yet. You can help drive this feature. If you feel this is something that would provide value to you, drop out to the following link and vote-up the Uservoice suggestion. In just a few days this request has 44 votes and 9 comments, making it the 2nd most requested new feature ever. Let’s make it number 1!

Enable multiple analytics rules in the GUI https://cda.ms/4mN

…

The newsletter wouldn’t be complete it seems these days unless there’s a survey or two. TJ Banasik and Lili Davoudian were on the Microsoft Security Insights show on Wednesday evening to talk about some of their recent Microsoft Sentinel Solutions releases. One of those is the Zero Trust solution for Microsoft Sentinel which is absolutely amazing and impactful. Within the Workbook for this solution there’s a link to provide feedback. This is your chance to show your appreciation for TJ’s and Lili’s efforts just by participating to provide feedback.

Microsoft Sentinel: Zero Trust (TIC 3.0) Solution survey: https://cda.ms/4pr

…

I’m really looking forward to the RSA conference next week. But even more than the conference itself, I’m really looking forward to connecting with this community there and I’d be sad and disappointed if you didn’t make the effort to at least say “Hi.” So, please, PLEASE look me up. I’ll be away from my family for the long week and your connection and conversation will help it go so much faster.

Talk soon.

-Rod

Original Post: New Blog Post | Microsoft Sentinel this Week - Issue #64 - Microsoft Tech Community

637 Views, 0 likes, 0 Comments