diff --git a/Helper/rssextract.ps1 b/Helper/rssextract.ps1 index 832615d..728d245 100644 --- a/Helper/rssextract.ps1 +++ b/Helper/rssextract.ps1 
@@ -1,54 +1,41 @@ -# Define the URL of the RSS feed -# Sentinel -#$rssUrl = "https://t#echcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=-1596964823266872039&board=MicrosoftSentinelBlog&size=20" -# Defender for Cloud -#$rssUrl = 'https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=-1596964823266872039&board=MicrosoftDefenderCloudBlog&size=20' -# mdti -#$rssUrl = 'https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=-1596964823266872039&board=DefenderThreatIntelligence&size=20' -# sec copilot -#$rssUrl = "https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=-1596964823266872039&board=SecurityCopilotBlog&size=20" -# iot -#$rssUrl = "https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=-1596964823266872039&board=MicrosoftDefenderIoTBlog&size=20" -# entra ID -#$rssurl = 'https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=6042109320470044639&board=Identity&size=20' -# ca kenneth -#$rssUrl = "https://www.vansurksum.com/category/conditional-access/feed/?posts_per_page=500" -# chronlund -#$rssUrl = 'https://danielchronlund.com/category/conditional-access/feed/?posts_per_page=500' -# MDE -#$rssurl = 'https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftDefenderATPBlog&size=20' -# EASM -#$rssUrl = 'https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=DefenderExternalAttackSurfaceMgmtBlog&size=20' -# tvm -#$rssUrl = 'https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=860249516929499341&board=Vulnerability-Management&size=25' -# xdr -#$rssUrl = 'https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=860249516929499341&board=MicrosoftThreatProtectionBlog&size=25' +# Define an array of RSS URLs and their corresponding output file paths +$rssFeeds = @( + @{ Url = 
"https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=-1596964823266872039&board=MicrosoftSentinelBlog&size=20"; OutFile = "c:\temp\Sentinel_rssdump.txt" }, + @{ Url = "https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=-1596964823266872039&board=MicrosoftDefenderCloudBlog&size=20"; OutFile = "c:\temp\DefenderForCloud_rssdump.txt" }, + @{ Url = "https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=-1596964823266872039&board=DefenderThreatIntelligence&size=20"; OutFile = "c:\temp\MDTI_rssdump.txt" }, + @{ Url = "https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=-1596964823266872039&board=SecurityCopilotBlog&size=20"; OutFile = "c:\temp\SecCopilot_rssdump.txt" }, + @{ Url = "https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=-1596964823266872039&board=MicrosoftDefenderIoTBlog&size=20"; OutFile = "c:\temp\IoT_rssdump.txt" }, + @{ Url = "https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=6042109320470044639&board=Identity&size=20"; OutFile = "c:\temp\EntraID_rssdump.txt" }, + @{ Url = "https://www.vansurksum.com/category/conditional-access/feed/?posts_per_page=500"; OutFile = "c:\temp\CAKenneth_rssdump.txt" }, + @{ Url = "https://danielchronlund.com/category/conditional-access/feed/?posts_per_page=500"; OutFile = "c:\temp\Chronlund_rssdump.txt" }, + @{ Url = "https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=MicrosoftDefenderATPBlog&size=20"; OutFile = "c:\temp\MDE_rssdump.txt" }, + @{ Url = "https://techcommunity.microsoft.com/gxcuf89792/rss/board?board.id=DefenderExternalAttackSurfaceMgmtBlog&size=20"; OutFile = "c:\temp\EASM_rssdump.txt" }, + @{ Url = "https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=860249516929499341&board=Vulnerability-Management&size=25"; OutFile = "c:\temp\TVM_rssdump.txt" }, + @{ Url = 
"https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=860249516929499341&board=MicrosoftThreatProtectionBlog&size=25"; OutFile = "c:\temp\XDR_rssdump.txt" }, + @{ Url = "https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=860249516929499341&board=MicrosoftDefenderforOffice365Blog&size=25"; OutFile = "c:\temp\MDO_rssdump.txt" }, + @{ Url = "https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=860249516929499341&board=MicrosoftSecurityandCompliance&size=40"; OutFile = "c:\temp\SecurityCompliance_rssdump.txt" } +) -# mdo -#$rssUrl = 'https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=860249516929499341&board=MicrosoftDefenderforOffice365Blog&size=25' +# Iterate over each RSS feed in the array +foreach ($feed in $rssFeeds) { + $rssUrl = $feed.Url + $outfile = $feed.OutFile -# security and compliance -$rssUrl = 'https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?tid=860249516929499341&board=MicrosoftSecurityandCompliance&size=40' + # Fetch the RSS XML data + $response = Invoke-WebRequest -Uri $rssUrl + $rss = [xml]$response.Content + # Iterate over each item in the RSS feed + foreach ($item in $rss.rss.channel.item) { + $title = $item.title + $url = $item.link + $pubdate = $item.pubDate + # Create a markdown link for the RSS item + $md = "- " + "[" + $title + "]" + "(" + $url + ")" -$outfile = "c:\temp\rssdump.txt" -# Fetch the RSS XML data -$response = Invoke-WebRequest -Uri $rssUrl -# Load XML from the response -$rss = [xml]$response.Content -# Iterate over each item in the RSS feed -foreach ($item in $rss.rss.channel.item) { - # Extract the title and link - $title = $item.title - $url = $item.link - $pubdate = $item.pubDate - - # Print the title and URL - #Write-Output "Title: $title" - #Write-Output "URL: $url" - #Write-Output "PubDate: $pubdate" - - $md = "- " + "[" + $title + "]" + "(" + $url + ")" - 
$md | Out-File -FilePath $outfile -Append -Force + # Output to the specific file for this RSS feed + $md | Out-File -FilePath $outfile -Append -Force + } } + diff --git a/docs/entraid.md b/docs/entraid.md index 8c3f193..eea4da9 100644 --- a/docs/entraid.md +++ b/docs/entraid.md 
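Review bot: Inside the new `foreach ($feed in $rssFeeds)` loop, a failed `Invoke-WebRequest` leaves `$response` holding the previous feed's result, so under the default error preference the loop carries on and appends that feed's items to the current feed's `OutFile`; fetch and parse inside `try`/`catch` with `-ErrorAction Stop` and `continue` on failure. `$title` and `$url` come from remote feeds, two of them third-party blogs, and are concatenated straight into Markdown link syntax; the `[DEPRECATED]` title in the docs/sentinel.md hunk suggests this output reaches the docs as-is, so escape `[`/`]` in the title and accept only `http`/`https` links before writing. On Windows PowerShell 5.1, add `-UseBasicParsing` so the response is not handed to the Internet Explorer parser. `-Append` with no de-duplication re-adds items written on earlier runs, which would explain why the docs/securitycopilot.md hunk adds two entries that still appear as context lines below it, and `$pubdate` is assigned but never used.

```powershell
foreach ($feed in $rssFeeds) {
    # … unchanged: $rssUrl / $outfile assignment …

    try {
        # -ErrorAction Stop turns a failed fetch into an exception, so a stale $response is never reused
        $response = Invoke-WebRequest -Uri $rssUrl -UseBasicParsing -ErrorAction Stop
        $rss = [xml]$response.Content
    }
    catch {
        Write-Warning "Skipping $rssUrl : $($_.Exception.Message)"
        continue
    }

    foreach ($item in $rss.rss.channel.item) {
        $url = $item.link
        # Only absolute http(s) links may reach the generated Markdown
        if ($url -notmatch '^https?://') { continue }
        # Keep feed-supplied text from closing the link label early
        $title = $item.title -replace '([\[\]])', '\$1'
        $md = "- [$title]($url)"
        # … unchanged: Out-File append to $outfile …
    }
}
```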
@@ -8,6 +8,13 @@ ## Microsoft Tech Community Blogs
+- [Microsoft Security announcements and demos at Authenticate 2024](https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-security-announcements-and-demos-at-authenticate-2024/ba-p/4263029)
+- [What's new in Microsoft Entra - September 2024](https://techcommunity.microsoft.com/t5/microsoft-entra-blog/what-s-new-in-microsoft-entra-september-2024/ba-p/4253153)
+- [Explore the key benefits of Microsoft Entra Private Access](https://techcommunity.microsoft.com/t5/microsoft-entra-blog/explore-the-key-benefits-of-microsoft-entra-private-access/ba-p/3905449)
+- [Join us at the Microsoft Entra Suite Showcase!](https://techcommunity.microsoft.com/t5/microsoft-entra-blog/join-us-at-the-microsoft-entra-suite-showcase/ba-p/4250628)
+- [Microsoft Entra Internet Access now generally available](https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-internet-access-now-generally-available/ba-p/3922547)
+- [Omdia’s perspective on Microsoft’s SSE solution](https://techcommunity.microsoft.com/t5/microsoft-entra-blog/omdia-s-perspective-on-microsoft-s-sse-solution/ba-p/4237794)
+- [MFA enforcement for Microsoft Entra admin center sign-in coming soon](https://techcommunity.microsoft.com/t5/microsoft-entra-blog/mfa-enforcement-for-microsoft-entra-admin-center-sign-in-coming/ba-p/4230849)
 - [Face Check is now generally available](https://techcommunity.microsoft.com/t5/microsoft-entra-blog/face-check-is-now-generally-available/ba-p/4175880)
 - [Public preview: Microsoft Entra ID FIDO2 provisioning APIs](https://techcommunity.microsoft.com/t5/microsoft-entra-blog/public-preview-microsoft-entra-id-fido2-provisioning-apis/ba-p/4062699)
 - [Migrate ADAL apps to MSAL with enhanced insights](https://techcommunity.microsoft.com/t5/microsoft-entra-blog/migrate-adal-apps-to-msal-with-enhanced-insights/ba-p/4194361)
diff --git a/docs/learn.md b/docs/learn.md
index 0ff9b0b..a2f92c2 100644
--- a/docs/learn.md
+++ b/docs/learn.md @@ -9,6 +9,7 @@ ## Ninja Trainings +- [Welcome to the Microsoft Incident Response Ninja Hub](https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/welcome-to-the-microsoft-incident-response-ninja-hub/ba-p/4243594) - [Microsoft Sentinel & Defender XDR Virtual Ninja Training](https://adoption.microsoft.com/en-us/ninja-show/) - [Train your security staff for Microsoft Defender XDR](https://learn.microsoft.com/en-us/defender-xdr/microsoft-365-defender-train-security-staff) - [Become a Microsoft Defender for Endpoint Ninja](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-ninja-training-august-2021/ba-p/2611623) @@ -21,5 +22,6 @@ - [Become a Microsoft Defender Vulnerability Management Ninja](https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/become-a-microsoft-defender-vulnerability-management-ninja/ba-p/4003011) - [Become a Microsoft Sentinel Ninja](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-ninja-the-complete-level-400/ba-p/1246310) +## Microsoft Airlift - +- [Microsoft Airlift](https://airlift.microsoft.com/home_public) diff --git a/docs/mdc.md b/docs/mdc.md index a457fc8..2771ef6 100644 --- a/docs/mdc.md +++ b/docs/mdc.md 
@@ -6,6 +6,9 @@ ## Microsoft Tech Community Blogs
+- [Monthly News - October 2024](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/monthly-news-october-2024/ba-p/4260397)
+- [Introducing the new File Integrity Monitoring with Defender for Endpoint integration](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/introducing-the-new-file-integrity-monitoring-with-defender-for/ba-p/4252051)
+- [Monthly News - September 2024](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/monthly-news-september-2024/ba-p/4235917)
 - [Detect Container Drift with Microsoft Defender for Containers](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/detect-container-drift-with-microsoft-defender-for-containers/ba-p/4232044)
 - [Securing Multi-Cloud Gen AI workloads using Azure Native Solutions](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/securing-multi-cloud-gen-ai-workloads-using-azure-native/ba-p/4222728)
 - [Using Defender XDR Portal to hunt for Kubernetes security issues](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/using-defender-xdr-portal-to-hunt-for-kubernetes-security-issues/ba-p/4217741)
diff --git a/docs/mde.md b/docs/mde.md
index c8a8169..3d360e8 100644
--- a/docs/mde.md
+++ b/docs/mde.md
@@ -12,6 +12,7 @@ ## Microsoft Tech Community Blogs
+- [Security settings management is available for multi-tenant environments in Microsoft Defender XDR](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/security-settings-management-is-available-for-multi-tenant/ba-p/4250996)
 - [Microsoft Defender for Endpoint’s Safe Deployment Practices](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-s-safe-deployment-practices/ba-p/4220342)
 - [Detect compromised RDP sessions with Microsoft Defender for Endpoint](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/detect-compromised-rdp-sessions-with-microsoft-defender-for/ba-p/4201003)
 - [Reduce friction and protect faster with simplified Android onboarding](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/reduce-friction-and-protect-faster-with-simplified-android/ba-p/4206049)
@@ -251,6 +252,9 @@ ## Community Blogs
+- [Unleash The Power Of DeviceTvmInfoGathering](https://kqlquery.com/posts/devicetvminfogathering/)
+- [Peeking Behind the Curtain: Finding Defender’s Exclusions](https://blog.fndsec.net/2024/10/04/uncovering-exclusion-paths-in-microsoft-defender-a-security-research-insight/)
+- [Manage Defender for Endpoint for Windows, macOS, and Linux via Security settings management](https://jeffreyappel.nl/manage-mde-for-windows-macos-and-linux-via-security-settings-management/)
 - [Microsoft Defender for Endpoint Deployment rings](https://github.com/mattnovitsch/M365/wiki/Microsoft-Defender-for-Endpoint-Deployment-rings)
 - [Common mistakes during Microsoft Defender for Endpoint deployments](https://jeffreyappel.nl/common-mistakes-during-microsoft-defender-for-endpoint-deployments/)
 - [Analyzing MDE Network Inspections](https://hybridbrothers.com/analyzing-mde-network-inspections/)
diff --git a/docs/mdeasm.md b/docs/mdeasm.md
index a07cd70..572497e 100644
--- a/docs/mdeasm.md
+++ b/docs/mdeasm.md
@@ -24,6 +24,7 @@ ## Community Blogs & Videos
+- [Integrating Defender EASM with Microsoft Sentinel Guide](https://charbelnemnom.com/connect-defender-easm-to-microsoft-sentinel/#google_vignette)
 - [Connect Microsoft Defender EASM to Microsoft Sentinel for Incident enrichment](https://derkvanderwoude.medium.com/connect-microsoft-defender-easm-to-microsoft-sentinel-for-incident-enrichment-521efd6dd684)
 - [Introduction into Microsoft Defender EASM (External Attack Surface Management)](https://derkvanderwoude.medium.com/introduction-into-microsoft-defender-easm-external-attack-surface-management-3fdee6ccf256)
 - [Microsoft Defender EASM - External Attack Surface Management](https://www.youtube.com/watch?v=RvV7RZ1puV4)
diff --git a/docs/mdo.md b/docs/mdo.md
index 79ce768..d8bae67 100644
--- a/docs/mdo.md
+++ b/docs/mdo.md
@@ -7,6 +7,8 @@ ## Microsoft Tech Community Blogs
+- [Use community queries to hunt more effectively across email and collaboration threats](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/use-community-queries-to-hunt-more-effectively-across-email-and/ba-p/4254664)
+- [Improve end user resilience against QR code phishing](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/improve-end-user-resilience-against-qr-code-phishing/ba-p/4225742)
 - [How your submissions to Defender for Office 365 are processed behind-the-scenes](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/how-your-submissions-to-defender-for-office-365-are-processed/ba-p/4231551)
 - [Secure architecture design – How Defender for Office 365 protects against EchoSpoofing](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/secure-architecture-design-how-defender-for-office-365-protects/ba-p/4225358)
 - [Automate Tenant Allow/Block List entries](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automate-tenant-allow-block-list-entries/ba-p/4213201)
diff --git a/docs/mdti.md b/docs/mdti.md
index 0016011..a5590ff 100644
--- a/docs/mdti.md
+++ b/docs/mdti.md
@@ -7,6 +7,8 @@ ## Microsoft Tech Community Blogs
+- [New Copilot for Security Plugin Name Reflects Broader Capabilities](https://techcommunity.microsoft.com/t5/microsoft-defender-threat/new-copilot-for-security-plugin-name-reflects-broader/ba-p/4258810)
+- [MDTI for Government Now Available](https://techcommunity.microsoft.com/t5/microsoft-defender-threat/mdti-for-government-now-available/ba-p/4258823)
 - [Introducing the MDTI Article Digest](https://techcommunity.microsoft.com/t5/microsoft-defender-threat/introducing-the-mdti-article-digest/ba-p/4223917)
 - [Introducing the MDTI Premium Data Connector for Sentinel](https://techcommunity.microsoft.com/t5/microsoft-defender-threat/introducing-the-mdti-premium-data-connector-for-sentinel/ba-p/4220346)
 - [More Threat Intelligence Content In MDTI, TA Enables Better Security Outcomes](https://techcommunity.microsoft.com/t5/microsoft-defender-threat/more-threat-intelligence-content-in-mdti-ta-enables-better/ba-p/4177542)
diff --git a/docs/securitycopilot.md b/docs/securitycopilot.md
index 972f3d6..066b28c 100644
--- a/docs/securitycopilot.md
+++ b/docs/securitycopilot.md
@@ -7,6 +7,26 @@ ## Microsoft Tech Community Blogs +- [Microsoft Copilot for Security Achieves HITRUST Certification](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/microsoft-copilot-for-security-achieves-hitrust-certification/ba-p/4262303) +- [Case Study: Harnessing Copilot for Security in Defending Against Cyberthreats](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/case-study-harnessing-copilot-for-security-in-defending-against/ba-p/4251623) +- [Use LogicApps and Copilot for Security to auto-process ISAC Emails](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/use-logicapps-and-copilot-for-security-to-auto-process-isac/ba-p/4243882) +- [Harnessing the power of KQL Plugins for enhanced security insights with Copilot for Security](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/harnessing-the-power-of-kql-plugins-for-enhanced-security/ba-p/4221891) +- [Extending Microsoft Copilot for Security Capabilities with Azure Function Apps](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/extending-microsoft-copilot-for-security-capabilities-with-azure/ba-p/4220267) +- [Microsoft Copilot for Security Now Covered by HIPAA Business Associate Agreement (BAA)](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/microsoft-copilot-for-security-now-covered-by-hipaa-business/ba-p/4220174) +- [Using Microsoft Graph as a Microsoft Copilot for Security Plugin with Delegated Access](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/using-microsoft-graph-as-a-microsoft-copilot-for-security-plugin/ba-p/4198148) +- [How to build a Copilot for Security API Plugin – Part 2](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/how-to-build-a-copilot-for-security-api-plugin-part-2/ba-p/4163829) +- [Microsoft Copilot for Security Attains ISO 27001, 27017, and 27018 
Certifications](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/microsoft-copilot-for-security-attains-iso-27001-27017-and-27018/ba-p/4161758) +- [Exploring Copilot for Security to Automate Incident Triage](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/exploring-copilot-for-security-to-automate-incident-triage/ba-p/4154887) +- [Updates to Security Admin permissions for Microsoft Copilot for Security](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/updates-to-security-admin-permissions-for-microsoft-copilot-for/ba-p/4140692) +- [What’s New? – Security Copilot Azure logic app Connector](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/what-s-new-security-copilot-azure-logic-app-connector/ba-p/4127939) +- [Azure Web Application Firewall(WAF) integration in Copilot for Security](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/azure-web-application-firewall-waf-integration-in-copilot-for/ba-p/4147911) +- [Azure Firewall integration in Copilot for Security: protect networks at machine speed with Gen AI](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/azure-firewall-integration-in-copilot-for-security-protect/ba-p/4145396) +- [Unifying security tools with Copilot for Security's partner ecosystem](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/unifying-security-tools-with-copilot-for-security-s-partner/ba-p/4130963) +- [LeVar Burton joins Vasu Jakkal to share his hope for transformative technologies like generative AI](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/levar-burton-joins-vasu-jakkal-to-share-his-hope-for/ba-p/4122825) +- [How to Become a Microsoft Copilot for Security Ninja: The Complete Level 400 Training](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/how-to-become-a-microsoft-copilot-for-security-ninja-the/ba-p/4106928) +- [Unleash the Power of 
Microsoft Copilot for Security: Introducing the Copilot for Security GitHub](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/unleash-the-power-of-microsoft-copilot-for-security-introducing/ba-p/4109184) +- [Microsoft Copilot for Security Defender XDR Plugin Overview](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/microsoft-copilot-for-security-defender-xdr-plugin-overview/ba-p/4114033) +- [Microsoft Copilot for Security Purview Plugin Overview](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/microsoft-copilot-for-security-purview-plugin-overview/ba-p/4114046) - [Learn how to customize and optimize Copilot for Security with the custom Data Security plugin](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/learn-how-to-customize-and-optimize-copilot-for-security-with/ba-p/4120147) - [Harnessing the power of KQL Plugins for enhanced security insights with Copilot for Security](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/harnessing-the-power-of-kql-plugins-for-enhanced-security/ba-p/4221891) - [Extending Microsoft Copilot for Security Capabilities with Azure Function Apps](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/extending-microsoft-copilot-for-security-capabilities-with-azure/ba-p/4220267) @@ -43,6 +63,7 @@ ## Community Blogs +- [AI & Security: Introduction (Part 1)](https://emptydc.com/2024/10/10/ai-security-introduction-part-1/) - [How to onboard and getting started with Copilot for Security](https://jeffreyappel.nl/how-to-onboard-and-getting-started-with-copilot-for-security/) ## GitHub diff --git a/docs/sentinel.md b/docs/sentinel.md index 8c98ba9..4106ecc 100644 --- a/docs/sentinel.md +++ b/docs/sentinel.md 
@@ -7,6 +7,17 @@ ## Microsoft Tech Community Blogs
+- [Save money on your Sentinel ingestion costs with Data Collection Rules](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/save-money-on-your-sentinel-ingestion-costs-with-data-collection/ba-p/4270256)
+- [What to do if your Sentinel Data Connector shows as [DEPRECATED]](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-to-do-if-your-sentinel-data-connector-shows-as-deprecated/ba-p/4270346)
+- [Cowrie honeypot and its Integration with Microsoft Sentinel.](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/cowrie-honeypot-and-its-integration-with-microsoft-sentinel/ba-p/4258349)
+- [Introducing the Use Cases Mapper workbook](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/introducing-the-use-cases-mapper-workbook/ba-p/4202058)
+- [Level Up Your Security Skills with the New Microsoft Sentinel Ninja Training!](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/level-up-your-security-skills-with-the-new-microsoft-sentinel/ba-p/4260106)
+- [What's New: Global Search in Unified Security Operations platform includes Sentinel user and devices](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-global-search-in-unified-security-operations-platform/ba-p/4255122)
+- [Detecting AiTM Phishing via 3rd-Party Network events in Unified Security Operations Platform](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/detecting-aitm-phishing-via-3rd-party-network-events-in-unified/ba-p/4224653)
+- [The power of Data Collection Rules: Detect Disabling Windows Defender Real-Time Protection](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/the-power-of-data-collection-rules-detect-disabling-windows/ba-p/4236540)
+- [The power of Data Collection Rules: Monitoring PowerShell usage](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/the-power-of-data-collection-rules-monitoring-powershell-usage/ba-p/4236527)
+- [SIEM Migration Update: Now Migrate with contextual depth in translations with Microsoft Sentinel!](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/siem-migration-update-now-migrate-with-contextual-depth-in/ba-p/4241234)
+- [The power of Data Collection Rules: Collecting events for advanced use cases in Microsoft USOP](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/the-power-of-data-collection-rules-collecting-events-for/ba-p/4236486)
 - [Hunting with Microsoft Graph activity logs](https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/hunting-with-microsoft-graph-activity-logs/ba-p/4234632)
 - [What's new: Multi-tenancy in the unified security operations platform experience in Public Preview](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-multi-tenancy-in-the-unified-security-operations/ba-p/4225658)
 - [Comprehensive coverage and cost-savings with Microsoft Sentinel’s new data tier](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/comprehensive-coverage-and-cost-savings-with-microsoft-sentinel/ba-p/4223293)
@@ -526,6 +537,7 @@ ## Community Blogs
+- [Use Cases For Sentinel Summary Rules](https://kqlquery.com/posts/sentinel-summary-rules/)
 - [Microsoft Sentinel Summary KQL deep dive (From Beginner to Advanced KQL)](https://modernsecops.com/p/microsoft-sentinel-summary-kql-deep-dive?utm_source=linkedin&utm_medium=organic_post&utm_campaign=summary_kql)
 - [Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications](https://kqlquery.com/posts/automatic-cisa-vulnerability-notifications/)
 - [Optimize Microsoft Sentinel Log Retention with Azure Data Explorer](https://charbelnemnom.com/optimize-microsoft-sentinel-log-retention-adx/?utm_content=cmp-true)