Ignite and community Updates

alexverboon · Dec 3, 2024 · 24e54b6 · 24e54b6
1 parent cd1fe7a
commit 24e54b6
Show file tree

Hide file tree

Showing 9 changed files with 40 additions and 6 deletions.
diff --git a/docs/entraid.md b/docs/entraid.md
@@ -1742,6 +1742,7 @@
 ## Community Blogs
 
 - [From Intune to EntraID – Add custom data to the Extension Attributes](https://ugurkoc.de/from-intune-to-entraid-add-custom-data-to-the-extension-attributes/)
+- [Privilege escalation using Azure Service principal](https://laythchebbi.com/index.php/2024/09/01/privilege-escalation-using-azure-service-principal/)
 
 ### Conditional Access
 

diff --git a/docs/learn.md b/docs/learn.md
@@ -6,6 +6,7 @@
 - [Microsoft Cybersecurity Reference Architectures](https://learn.microsoft.com/en-us/security/adoption/mcra)
 - [The Chief Information Security Officer (CISO) Workshop Training](https://learn.microsoft.com/en-us/security/adoption/the-ciso-workshop)
 - [Zero Trust Lab](https://microsoft.github.io/ztlabguide/)
+- [Zero Trust Workshop: Advance your knowledge with an online resource](https://www.microsoft.com/en-us/security/blog/2024/11/06/zero-trust-workshop-advance-your-knowledge-with-an-online-resource/)
 
 ## Ninja Trainings
 
@@ -25,3 +26,7 @@
 ## Microsoft Airlift
 
 - [Microsoft Airlift](https://airlift.microsoft.com/home_public)
+
+## Interactive Lab Simulations
+
+- [SC-200 Interactive Lab Simulations - Microsoft Security Operations Analyst](https://mslabs.cloudguides.com/guides/SC-200%20Lab%20Simulations%20-%20Microsoft%20Security%20Operations%20Analyst)
diff --git a/docs/mdca.md b/docs/mdca.md
@@ -35,4 +35,10 @@
 - [Detecting Ransonware with Defender for Cloud Apps](https://cyberdom.blog/2023/08/27/detecting-ransomware-with-defender-for-cloud-apps/)
 - [Deep Diver – Defender for Cloud Apps Malware Detection in Office 365 Workloads](https://samilamppu.com/2022/05/04/deep-diver-defender-for-cloud-apps-malware-detection-in-office-365-workloads/)
 - [Microsoft Sentinel – Insights of Defender for Cloud Apps Data Connector](https://samilamppu.com/2022/03/24/microsoft-sentinel-insights-of-defender-for-cloud-apps-data-connector/)
-- [Integrate Microsoft Defendr for Endpoint with MCAS](https://www.eshlomo.us/integrate-microsoft-defender-for-endpoint-with-mcas/)
+- [Integrate Microsoft Defendr for Endpoint with MCAS](https://www.eshlomo.us/integrate-microsoft-defender-for-endpoint-with-mcas/)
+
+## GitHub
+
+- [Collection of useful resources for MDA/ Defender for Cloud Apps / DfCA / MCAS](https://github.com/jkerai1/SoftwareCertificates/tree/main/Bulk-IOC-CSVs/MDA#block-user-agents)
+- [MCAS Toolbox](https://github.com/alexverboon/MCASToolbox)
+- [MCAS Powershell Module [Unofficial]](https://github.com/microsoft/MCAS)
diff --git a/docs/mde.md b/docs/mde.md
@@ -12,6 +12,7 @@
 
 ## Microsoft Tech Community Blogs
 
+- [The unified agent now combines protection across endpoints, OT devices, identities, and DLP](https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/the-unified-agent-now-combines-protection-across-endpoints-ot-devices-identities/4303805)
 - [Security settings management is available for multi-tenant environments in Microsoft Defender XDR](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/security-settings-management-is-available-for-multi-tenant/ba-p/4250996)
 - [Microsoft Defender for Endpoint’s Safe Deployment Practices](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-s-safe-deployment-practices/ba-p/4220342)
 - [Detect compromised RDP sessions with Microsoft Defender for Endpoint](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/detect-compromised-rdp-sessions-with-microsoft-defender-for/ba-p/4201003)
@@ -252,6 +253,10 @@
 
 ## Community Blogs
 
+- [Silencing Microsoft Defender for Endpoint using firewall rules](https://medium.com/csis-techblog/silencing-microsoft-defender-for-endpoint-using-firewall-rules-3839a8bf8d18)
+- [EDR Silencers and Beyond: Exploring Methods to Block EDR Communication - Part 1](https://cloudbrothers.info/edr-silencers-exploring-methods-block-edr-communication-part-1/)
+- [EDR Silencer and Beyond: Exploring Methods to Block EDR Communication - Part 2](https://academy.bluraven.io/blog/edr-silencer-and-beyond-exploring-methods-to-block-edr-communication-part-2)
+- [Silencing the EDR Silencers](https://www.huntress.com/blog/silencing-the-edr-silencers)
 - [Unleash The Power Of DeviceTvmInfoGathering](https://kqlquery.com/posts/devicetvminfogathering/)
 - [Peeking Behind the Curtain: Finding Defender’s Exclusions](https://blog.fndsec.net/2024/10/04/uncovering-exclusion-paths-in-microsoft-defender-a-security-research-insight/)
 - [Manage Defender for Endpoint for Windows, macOS, and Linux via Security settings management](https://jeffreyappel.nl/manage-mde-for-windows-macos-and-linux-via-security-settings-management/)
@@ -329,4 +334,5 @@
 ## GitHub
 
 - [MDE_Signature_Update_Detection.ps](https://github.com/ugurkocde/Intune/blob/main/Defender%20for%20Endpoint/MDE_Signature_Update_Detection.ps1)
-- [DefenderMAPS](https://github.com/alexverboon/DefenderMAPS)
+- [DefenderMAPS](https://github.com/alexverboon/DefenderMAPS)
+- [Nuke It From Orbit](https://github.com/lkarlslund/nifo)
diff --git a/docs/mdi.md b/docs/mdi.md
@@ -34,6 +34,7 @@
 
 ## Community Blogs
 
+- [Microsoft Defender for Identity Bulk Operation](https://thalpius.com/2024/11/13/microsoft-defender-for-identity-bulk-operation/)
 - [Microsoft Defender for Identity Access Key Vulnerability](https://thalpius.com/2024/07/18/microsoft-defender-for-identity-access-key-vulnerability/)
 - [Provoking Defender for Identity suspicious certificate usage alerts](https://tech.nicolonsky.ch/provoking-defender-for-identity-suspicious-certificate-usage-alerts/)
 - [Unmasking the shadows the art of threat hunting in Defender for Identity](https://cyberdom.blog/2023/12/09/unmasking-the-shadows-the-art-of-threat-hunting-in-defender-for-identity/)
@@ -68,4 +69,4 @@
 ## GitHub
 
 - [Raymond Roethof - Defender for Identity Tools](https://github.com/thalpius?tab=repositories)
-- [Defender for Identity Sizing Tool](https://github.com/microsoft/Microsoft-Defender-for-Identity-Sizing-Tool)
+- [Defender for Identity Sizing Tool](https://github.com/microsoft/Microsoft-Defender-for-Identity-Sizing-Tool)
diff --git a/docs/mdo.md b/docs/mdo.md
@@ -7,6 +7,8 @@
 
 ## Microsoft Tech Community Blogs
 
+- [Microsoft Ignite: Redefining email security with LLMs to tackle a new era of social engineering](https://techcommunity.microsoft.com/blog/microsoftdefenderforoffice365blog/microsoft-ignite-redefining-email-security-with-llms-to-tackle-a-new-era-of-soci/4302421)
+- [Create targeted attack simulation training campaigns with dynamic groups](https://techcommunity.microsoft.com/blog/microsoftdefenderforoffice365blog/create-targeted-attack-simulation-training-campaigns-with-dynamic-groups/4287637)
 - [Use community queries to hunt more effectively across email and collaboration threats](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/use-community-queries-to-hunt-more-effectively-across-email-and/ba-p/4254664)
 - [Improve end user resilience against QR code phishing](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/improve-end-user-resilience-against-qr-code-phishing/ba-p/4225742)
 - [How your submissions to Defender for Office 365 are processed behind-the-scenes](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/how-your-submissions-to-defender-for-office-365-are-processed/ba-p/4231551)

diff --git a/docs/mdtvm.md b/docs/mdtvm.md
@@ -6,6 +6,7 @@
 
 ## Microsoft Tech Community Blogs
 
+- [The unified agent now combines protection across endpoints, OT devices, identities, and DLP](https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/the-unified-agent-now-combines-protection-across-endpoints-ot-devices-identities/4303805)
 - [Research Analysis and Guidance: Ensuring Android Security Update Adoption](https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/research-analysis-and-guidance-ensuring-android-security-update/ba-p/4216714)
 - [Enhancing vulnerability prioritization with asset context and EPSS - Now in Public Preview.](https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/enhancing-vulnerability-prioritization-with-asset-context-and/ba-p/4212480)
 - [Using Export API with Defender Vulnerability Management](https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/using-export-api-with-defender-vulnerability-management/ba-p/4191046)
@@ -45,9 +46,10 @@
 
 ## Community Blogs & Videos
 
+- [Microsoft Defender Vulnerability Management, exploring the add-on superpowers (part 1)](https://www.michalos.net/2024/10/20/microsoft-defender-vulnerability-management-exploring-the-add-on-superpowers-part-1/)
 - [Assessment and Control of Browser Extensions](https://www.verboon.info/2022/06/assessment-and-control-of-browser-extensions/)
 - [Using Defender Vulnerability Management to patch vulnerabilities](https://medium.com/@andrecamillo/using-defender-vulnerability-management-to-patch-vulnerabilities-4e59ebc944bb)
 - [Defender TVM: Configuration Benchmark Management](https://www.bluevoyant.com/blog/defender-tvm-configuration-benchmark-management/)
 - [How to generate a monthly Defender ATP Threat and Vulnerability Report](https://www.verboon.info/2019/11/how-to-generate-a-monthly-defender-atp-threat-and-vulnerability-report/)
 - [Threat & Vulnerability Management – improve client security with MDATP](https://chrisonsecurity.net/2020/05/08/threat-vulnerability-management-improve-client-security-with-mdatp/)
-- [Vulnerability management | Microsoft 365 Defender](https://www.youtube.com/watch?v=G54f7IqUFMU)
+- [Vulnerability management | Microsoft 365 Defender](https://www.youtube.com/watch?v=G54f7IqUFMU)
diff --git a/docs/mdxdr.md b/docs/mdxdr.md
@@ -9,6 +9,7 @@
 
 ## Microsoft Tech Community Blogs
 
+- [Ignite news: What's new in Microsoft Defender XDR?](https://techcommunity.microsoft.com/blog/microsoftthreatprotectionblog/ignite-news-whats-new-in-microsoft-defender-xdr/4303104)
 - [Host Microsoft Defender data locally in India](https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/host-microsoft-defender-data-locally-in-india/ba-p/4215053)
 - [Cybersecurity incident correlation in the unified security operations platform](https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/cybersecurity-incident-correlation-in-the-unified-security/ba-p/4214394)
 - [Host Microsoft Defender data locally in Switzerland](https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/host-microsoft-defender-data-locally-in-switzerland/ba-p/4141490)
@@ -76,6 +77,7 @@
 
 ## Community Blogs
 
+- [Unlimited Advanced Hunting for Microsoft 365 Defender with Azure Data Explorer](https://github.com/TheCloudScout/m365defender-adx)
 - [Audit Defender XDR Activities](https://kqlquery.com/posts/audit-defender-xdr/)
 - [Enhancing Your Entity Timelines: Sentinel Activities in the Unified Microsoft Defender XDR Portal](https://attackthesoc.com/posts/enhancing-entity-timelines/)
 - [Automatic attack disruption in Microsoft Defender XDR and containing users during Human-operated Attacks](https://jeffreyappel.nl/automatic-attack-disruption-in-microsoft-365-xdr-and-containing-users-during-human-operated-attacks/)
@@ -88,4 +90,4 @@
 
 ## Documentation
 
-- [Details and results of an automatic attack disruption action](https://learn.microsoft.com/en-us/defender-xdr/autoad-results#hunt-for-disable-user-account-actions)
+- [Details and results of an automatic attack disruption action](https://learn.microsoft.com/en-us/defender-xdr/autoad-results#hunt-for-disable-user-account-actions)
diff --git a/docs/sentinel.md b/docs/sentinel.md
@@ -7,6 +7,10 @@
 
 ## Microsoft Tech Community Blogs
 
+- [How Microsoft’s leading SIEM is getting even better](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/how-microsoft%E2%80%99s-leading-siem-is-getting-even-better/4304327)
+- [Leave no data behind: Using summary rules to store data cost effectively in Microsoft Sentinel](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/leave-no-data-behind-using-summary-rules-to-store-data-cost-effectively-in-micro/4296785)
+- [What’s New: Exciting new Microsoft Sentinel Connectors Announcement - Ignite 2024](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/what%E2%80%99s-new-exciting-new-microsoft-sentinel-connectors-announcement---ignite-2024/4294146)
+- [Deploy Microsoft Sentinel using Bicep](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/deploy-microsoft-sentinel-using-bicep/4270970)
 - [Save money on your Sentinel ingestion costs with Data Collection Rules](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/save-money-on-your-sentinel-ingestion-costs-with-data-collection/ba-p/4270256)
 - [What to do if your Sentinel Data Connector shows as [DEPRECATED]](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-to-do-if-your-sentinel-data-connector-shows-as-deprecated/ba-p/4270346)
 - [Cowrie honeypot and its Integration with Microsoft Sentinel.](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/cowrie-honeypot-and-its-integration-with-microsoft-sentinel/ba-p/4258349)
@@ -537,6 +541,10 @@
 
 ## Community Blogs
 
+- [Restricting Deletions of Incidents in Sentinel](https://www.linkedin.com/pulse/restricting-deletions-incidents-sentinel-jay-kerai-da9te/)
+- [Monitoring your DevOps platform](https://jamescook.dev/connect-azure-devops-sentinel)
+- [Azure DevOps Auditing with Sentinel](https://cyberdom.blog/azure-devops-auditing-with-microsoft-sentinel/)
+- [Azure DevOps Service security monitoring using Azure Sentinel](https://www.criticalstart.com/azure-devops-service-security-monitoring-using-azure-sentinel/)
 - [Use Cases For Sentinel Summary Rules](https://kqlquery.com/posts/sentinel-summary-rules/)
 - [Microsoft Sentinel Summary KQL deep dive (From Beginner to Advanced KQL)](https://modernsecops.com/p/microsoft-sentinel-summary-kql-deep-dive?utm_source=linkedin&utm_medium=organic_post&utm_campaign=summary_kql)
 - [Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications](https://kqlquery.com/posts/automatic-cisa-vulnerability-notifications/)
@@ -582,8 +590,9 @@
 - [Microsoft Sentinel Triage AssistanT (STAT)](https://github.com/briandelmsft/SentinelAutomationModules)
 - [Microsoft Sentinel - SEC Operations](https://github.com/eshlomo1/Microsoft-Sentinel-SecOps)
 - [Log Splitr](https://github.com/TheCloudScout/log-splitr)
+- [Azure DevOps detection rules](https://github.com/alexverboon/Hunting-Queries-Detection-Rules/tree/main/AzureDevOps)
 
 ## Learning and Training
 
 - [Optimizing Your Security Operations: Manage Your Data, Costs and Protections with SOC Optimizations](https://www.youtube.com/watch?v=Uk9x60grT-o)
-- [Optimizing your SOC's threat coverage and data value](https://www.youtube.com/watch?v=b0rbPZwBuc0)
+- [Optimizing your SOC's threat coverage and data value](https://www.youtube.com/watch?v=b0rbPZwBuc0)