Microsoft Defender Weekly Wrap – Issue #54


Building Your Own Potential Malicious Events Heatmap for Microsoft Sentinel

With the new entry point actively rolling out to Microsoft Sentinel environments (see: There's a New Microsoft Sentinel Entry Page in Town), some organizations are wishing they could at least retain the heatmap from the original console layout. According to most, the rest of the new UI is valuable and likeable, but the heatmap is …

Building Microsoft Sentinel Incident Tasks Recipes

Today, we announced a new feature in public preview called Incident Tasks. Incident Tasks allow organizations to develop a recorded encyclopedia of methods they commonly use to approach specific events in their environment. This enables the security teams to work better and more efficiently and allows all levels of security expertise on the team to …

There’s a New Microsoft Sentinel Entry Page in Town

A new entry page for Microsoft Sentinel is rolling out after a successful stint in the Private Preview program. The rollout is slow but is creeping its way into every Microsoft Sentinel instance as you read this. You can see the differences between the two overviews in the image below and the changes are significant. …

Creating an URL Detonation Demo for Microsoft Sentinel

URL Detonation is a valuable feature of Microsoft Sentinel that provides deeper insights that enable faster triage of alerts. URL detonation is built into Microsoft Sentinel, so another tool to accomplish this is not necessary. I have a method that enables one to create a quick demo for this scenario that utilizes a Watchlist and …