How to Get the KQL Query Created by the New 365 Defender Query Builder

Hopefully, you didn't miss the latest news that the new KQL Query Builder for 365 Defender is in public preview. If you did miss it, check out: Hunt in Microsoft 365 Defender without KQL! (KQL Query Builder). This is exciting news and something that customers have asked for to match similar functionality of competitive products. …

What are DEV-#### indicator designations for detections?

I had this question come up today, but I've been asked a few times before recently, so I believe it's prudent to supply an explanation and guidance on what to do with these. Microsoft uses DEV-#### designations as a temporary name given to an unknown, emerging, or a developing cluster of threat activity, allowing MSTIC …

The Security Content Guide to Microsoft Build 2022

Build 2022 has a LOT of awesome security-focused content along with the great content to be consumed for any number of focus areas. For my area of focus -- security -- here are the things I'm most interested in and the sessions that I'll be focusing on to glean knowledge for the things I'm tasked with …

SC-100: Microsoft Cybersecurity Architect Gets a Learning Path

For those of us that took the SC-100 beta exam, there's a strong indicator today that the exam results could show up soon. That indicator is a new SC-100 Learn path. The Learn path is a set of modules that are repurposed from other exams, but it's a Learn path, nonetheless. The following is the …

Microsoft Defender for Endpoint Workbook for Microsoft Sentinel

There's a new Workbook available in the Microsoft Sentinel console that I'm pretty sure you'll overlook because it's been released without much fanfare. However, for those taking advantage of Microsoft Defender for Endpoint and the connection to Microsoft Sentinel, this Workbook contains valuable information. To locate it, in Workbook - Templates, do a quick filter …

Join the Launch of Microsoft Security Insights on Microsoft Reactor

On April 20th, my colleagues and I will be kicking off a new journey for the Microsoft Security Insights podcast. We will be kicking off our first-ever Microsoft Reactor show, joined by our inaugural guest, Matt Soseman, Senior Program Manager in the Identity & Network Access Division. If you missed it, read the reasons behind …

Introducing a New Series Called Security Rodcasts

Customers are inundated with the ever-flowing stream of updates to all of our services and products. I know it's hard to keep up, and it's even harder to commit time to learn about all the new stuff. I've mulled for a time how to deliver bite-sized nuggets of Microsoft Security information in a way that …

The Microsoft Security Operations Guide Contains Microsoft Sentinel Templates for Things to Monitor

Thanks to a huge collaborative effort, there's now some additional value in the Microsoft Security Operations Guide - specifically for Microsoft Sentinel customers. You can locate the full Security Operations Guide at the following link: https://cda.ms/3nn Inside the guide, in each operations section you'll find a Things to Monitor table. This table provides guidance and …

Must Learn KQL Part 4: Search for Fun and Profit

This post is part of an ongoing series to educate about the simplicity and power of the Kusto Query Language (KQL). If you'd like the 90-second post-commercial recap that seems to be a standard part of every TV show these days… The full series index (including code and queries) is located here: https://aka.ms/MustLearnKQL The book …

Must Learn KQL Part 3: Workflow

This post is part of an ongoing series to educate about the simplicity and power of the Kusto Query Language (KQL). If you'd like the 90-second post-commercial recap that seems to be a standard part of every TV show these days… The full series index (including code and queries) is located here: https://aka.ms/MustLearnKQL The book …