Rod’s Blog

Rod's Blog focuses on Microsoft Security and AI technologies, offering insights into cybersecurity best practices, the ethical use of AI, career advice in tech, and the integration of AI with security. It emphasizes the importance of certifications, mental resilience for professionals, and the evolving landscape of generative AI and cybersecurity.

Topics: Microsoft Security Technologies, Artificial Intelligence, Cybersecurity Best Practices, Career Development in Tech, Generative AI, Ethics in AI and Cybersecurity, Microsoft Product Integration, Cybersecurity Certifications, Cybersecurity for Small Businesses, AI Impact on Job Market

The hottest Substack posts of Rod’s Blog

And their main takeaways
19 implied HN points 01 Feb 24
  1. Microsoft's Copilot for Microsoft 365 adheres to strict data privacy and security regulations like GDPR, ensuring organizational data confidentiality.
  2. The Copilot system integrates large language models with Microsoft Graph and 365 apps, maintaining enterprise-level data protection during processing.
  3. By utilizing the Azure OpenAI Service controlled by Microsoft, Copilot ensures that business data is not used to train models, offering organizations control over their data processing.
19 implied HN points 31 Jan 24
  1. AI can pose risks to privacy through data collection without consent; protect your privacy with strong passwords and limit AI features' access.
  2. AI can threaten security through sophisticated attacks like deepfakes; protect your security with regular updates, antivirus software, and verifying content sources.
  3. AI can impact well-being by increasing stress and reducing social skills; protect your well-being by setting boundaries, balancing online and offline activities, and maintaining social connections.
19 implied HN points 30 Jan 24
  1. Jordan Alghamdi is a skilled data analyst in Saudi Arabia who blends tradition with modern technology in her work at a state-of-the-art data center.
  2. The data center where Jordan works represents Saudi Arabia's push towards modernization while preserving tradition, showcasing the country's advancement in technology.
  3. Jordan's use of KQL, a query language, showcases her analytical skills as she unravels complex data to solve mysteries and address potential threats.
19 implied HN points 25 Jan 24
  1. Securing data used by AI is vital for security, performance, reliability, ethics, and trust.
  2. Data hygiene practices include collecting necessary data types, encrypting data, and maintaining data lineage.
  3. Ensuring data quality through validation, diversity, and detection methods is crucial for accurate and fair AI outcomes.
19 implied HN points 23 Jan 24
  1. AI has the potential to benefit the economy by enhancing productivity, innovation, and value creation, but also poses risks like job displacement, ethical dilemmas, and social inequalities.
  2. AI can transform various sectors and industries by improving efficiency, quality, and customer experience through applications like healthcare diagnosis, personalized education, optimized manufacturing, predictive retailing, and fraud detection in finance.
  3. Mitigating AI risks involves implementing policy frameworks, business practices, and individual actions to ensure legal, ethical, and responsible use of AI, such as creating standards, promoting transparency, integrating AI responsibly, and learning new skills.
19 implied HN points 14 Dec 23
  1. The holiday episode of The KQL Mysteries took an unexpected turn when Jon and Sarah caught a hacker in a surprising location, leading to a collaborative resolution with a cybersecurity firm.
  2. The hacker, a disgruntled former employee seeking revenge, tried to cause chaos during the festive season, but Jon and Sarah's vigilance and cooperation with the cybersecurity firm helped thwart the attack.
  3. The story ended with peace of mind prevailing, highlighting the importance of staying vigilant and prepared to protect networks and spirits during the holiday season.
19 implied HN points 07 Dec 23
  1. Microsoft Security Copilot is an AI-powered security solution that assists security professionals in various scenarios like incident response, threat hunting, intelligence gathering, and posture management.
  2. Security Copilot helps analysts triage alerts, hunt for threats, and generate reports using natural language queries and AI, seamlessly integrating with Microsoft Security products like Microsoft Defender.
  3. The solution leverages plugins and OpenAI architecture to provide wider threat visibility, context, and extended functionalities for security operations.
19 implied HN points 04 Dec 23
  1. Cognitive security uses AI and machine learning to improve digital systems' security by automating threat detection and response.
  2. Benefits of cognitive security include faster threat detection, improved decision-making for security professionals, and cost reduction for security operations.
  3. Challenges of cognitive security include new risks, ethical and legal issues, and the need for investments and expertise; organizations should have a clear vision, a trustworthy culture, and embrace innovation to address these challenges.
19 implied HN points 28 Nov 23
  1. Search Jobs in Microsoft Sentinel help search through large datasets for specific events matching criteria.
  2. Search Jobs have their own dedicated section in the Microsoft Sentinel menu blades, reflecting their importance.
  3. Turning on Search Job Mode in Microsoft Sentinel Logs Blade streamlines searching with just a simple toggle switch.
19 implied HN points 20 Nov 23
  1. Data classification and labeling can enhance data quality by ensuring authenticity, reliability, and relevance, and help remove unnecessary or erroneous data for Generative AI systems.
  2. Data classification and labeling can safeguard data privacy and confidentiality, prevent unauthorized access, and aid in compliance with data protection regulations like GDPR and CCPA.
  3. Using Microsoft Purview for data classification and labeling can efficiently manage data access, apply sensitivity labels, and provide insights to improve data security and reliability for Generative AI.
19 implied HN points 25 Oct 23
  1. Securing AI involves three main aspects: secure code, secure data, and secure access. It is crucial to ensure that AI systems are free of errors, vulnerabilities, and malicious components.
  2. Developers and users should follow practices like code review, testing, data encryption, and authentication to mitigate threats such as code injections, data poisoning, unauthorized access, and denial of service.
  3. The shared responsibility model defines security tasks handled by AI providers and users. It is important to understand the responsibility distribution between the provider and the user based on the type of AI deployment, such as SaaS, PaaS, or IaaS.
19 implied HN points 10 Oct 23
  1. Zero-day exploits are dangerous because they exploit unknown software vulnerabilities and can have severe consequences like data breaches and system disruptions.
  2. To protect against zero-day exploits, organizations can monitor reported vulnerabilities, install next-generation antivirus solutions, perform rigorous patch management, segment networks with firewalls, and deploy advanced endpoint protection solutions.
  3. Microsoft Sentinel, a cloud-native SIEM solution, can help organizations protect against zero-day exploits by collecting data at cloud scale, detecting threats with analytics and intelligence, and investigating and responding with automation and orchestration.
19 implied HN points 31 May 23
  1. Using the count operator in KQL can help understand the overall impact of a situation by providing the exact number of occurrences of a specific event or data in a table.
  2. The count operator syntax is simple, with just the table name followed by the count operator, making it easy to implement in queries.
  3. Adding the count operator to queries can significantly enhance their impact by providing summarized, relevant data instead of rows of information to manually sift through.
19 implied HN points 31 May 23
  1. The Where Operator in KQL is essential for filtering and retrieving exact, actionable data, improving query performance.
  2. When learning KQL, it's beneficial to type out queries character-by-character to solidify new knowledge.
  3. Consider using the KQL Playground as a learning environment to avoid frustrations with example queries not showing results.
19 implied HN points 31 May 23
  1. Understanding the table schema in KQL is vital as it helps in finding data in an organized manner with the use of columns and types.
  2. KQL column types are basic, time, and complex, and knowing them alters the query approach for specific columns.
  3. The UI in KQL provides shortcuts for querying tables, expanding tables to view schema, using functions like stored procedures, and filtering data columns.
19 implied HN points 11 Apr 23
  1. To access IBM X-Force Exchange Threat Intelligence for Microsoft Sentinel, get an account at exchange.xforce.ibmcloud.com and retrieve API key and password.
  2. Once you have the API info, input it in the provided areas on the IBM X-Force Exchange API Docs page.
  3. To use the Threat Intelligence - TAXII connector in Microsoft Sentinel, provide your API information and use a Curl utility to show available Collection IDs.
19 implied HN points 31 May 23
  1. Understanding the Kusto Query Language (KQL) is essential for utilizing tools like Microsoft Sentinel to monitor security and detect threats.
  2. Building your first Microsoft Sentinel Analytics Rule involves filtering data, summarizing information, and assigning entities for investigations.
  3. Creating a Watchlist in Microsoft Sentinel can enhance the intelligence of your KQL query by filtering out trusted users and capturing potential threats more accurately.
19 implied HN points 31 May 23
  1. The Join operator in KQL is used to merge rows from two tables by matching values of specified columns.
  2. Using different flavors of Join, like inner, leftouter, rightouter, and fullouter, can change how data is displayed in the results.
  3. To practice and understand the Join operator better, examples can be tested in the KQL Playground or explored in advanced tutorials like 'Addicted to KQL'.
19 implied HN points 31 May 23
  1. The Union operator in KQL allows you to combine data from multiple tables to display all rows together, while the Join operator is used for more specific results by matching column values of two tables.
  2. Union in KQL supports wildcard usage to merge multiple tables and can be used to combine tables from different data sources like Log Analytics Workspaces.
  3. In Microsoft security tools like Microsoft Sentinel and Defender, the Join operator is commonly used for creating Analytics Rules for specific results, while Union is useful for advanced hunting tasks.
19 implied HN points 31 May 23
  1. The Let statement in KQL allows you to create variables that can be used throughout the query, aiding in better query performance.
  2. Let statements can be used to create variables either from scratch, from existing data, or from Microsoft Sentinel Watchlists.
  3. It's important to properly finalize the Let statement with a semicolon to ensure the variable is stored correctly for query execution.
19 implied HN points 22 May 23
  1. Private Preview is feature complete but not publicly announced, not recommended for production use, and has no SLA.
  2. Public Preview is feature complete, recommended for production use, might not be available to all customers in a region, and lacks SLA.
  3. GA (Generally Available) is accessible to all customers in a region, expanding to multiple regions, and backed by an SLA.
19 implied HN points 31 May 23
  1. Using the Project operator in KQL allows selecting specific data columns to display, providing efficiency for security analysis.
  2. The Project operator variants like Project-away, Project-keep, Project-rename, and Project-reorder offer additional functionalities like excluding columns, renaming headers, and reordering columns in query results.
  3. Understanding and utilizing these Project operator variants can enhance data visualization and streamline data analysis processes in Kusto Query Language.
19 implied HN points 31 May 23
  1. Custom data views in KQL are crucial for tailoring information to each environment's unique requirements for security and operations.
  2. The Extend operator in KQL allows users to create custom columns in real-time for query results, enhancing data analysis and presentation.
  3. By using the Extend operator, it's possible to generate calculated columns, append them to results, and combine existing data to display meaningful information in KQL queries.
19 implied HN points 19 Apr 23
  1. The author has been exploring Azure OpenAI ChatGPT and its security implications, highlighting the importance of understanding security when implementing new technologies.
  2. A simple command-line Chatbot utilizing external files for configuration data and questions was created to demonstrate the possibilities with Azure OpenAI ChatGPT.
  3. To use the command-line Chatbot, access to Azure OpenAI, Python, and specific Python libraries is required.
19 implied HN points 31 May 23
  1. The Render operator in KQL allows you to turn data into visualizations like area graphs, bar charts, and pie charts among others.
  2. Using KQL to create visualizations is crucial for tasks like developing dashboards in Microsoft Sentinel, providing real-time insights to security teams.
  3. Learning to transform data into graphs and charts can make information more engaging and appealing, especially for visual or hands-on learners.
19 implied HN points 31 May 23
  1. The Summarize operator in KQL is used to aggregate and summarize data, making it more meaningful.
  2. The operator can be used for both simple aggregations like count, sum, and average, as well as more advanced functions like arg_min and percentiles.
  3. To master the Summarize operator, it's important to practice with different types of queries in tools like the KQL Playground.
19 implied HN points 30 Jan 23
  1. Export Log Analytics Query Packs in Azure by downloading a .json file from the Azure portal.
  2. Import Log Analytics Query Packs to other locations by pasting the exported .json file contents into the template editor in the Azure portal.
  3. An alternative way to deploy Log Analytics Query Packs is by uploading the template.json file to a GitHub repository and using a Deploy to Azure button linked to the file.
19 implied HN points 24 Jan 23
  1. Having trouble connecting Azure Active Directory to Microsoft Sentinel? Use the Azure Active Directory Diagnostic Setting as an alternative.
  2. When facing problems enabling the Azure Active Directory connector in Microsoft Sentinel, consider creating or editing a Diagnostic Setting.
  3. If affected by connecting issues, open a ticket to help ensure quicker resolution.
19 implied HN points 12 Jan 23
  1. To get a list of active Analytics Rules in Microsoft Sentinel, use the Workspace Usage Report Workbook's Active Rules via Rest API module to download a CSV file of the results.
  2. You can also access a list of Analytics Rule templates by utilizing the Rule Templates via Rest API module.
  3. Consider exploring Twitter, LinkedIn, or subscribing to newsletters for further engagement with the topic.
19 implied HN points 09 Jan 23
  1. Receive an email notification each morning with the list of daily Microsoft Sentinel incidents created.
  2. The Logic App provided automates the process of checking and compiling incident details for easy access.
  3. Customize the email notification further by filtering incidents based on severity levels for more targeted updates.
19 implied HN points 09 Jan 23
  1. You can query HaveIBeenPwned using a Microsoft Sentinel Playbook. This enables you to check if email addresses associated with an Incident have been compromised in data breaches.
  2. There is a fee of $3.50 per month to use the HaveIBeenPwned API, but you can pay for a single month to test its value.
  3. Ensure you obtain the API key before deploying the Playbook and make sure to properly connect accounts and input the API key in the designated field.
19 implied HN points 09 Jan 23
  1. Known options for viewing Microsoft Sentinel rules with MITRE tactics include the MITRE ATT&CK Workbook, the MITRE ATT&CK Blade, Threat Analysis & Response Solution, and the Sentinel REST API.
  2. A lesser-known trick is to view the list directly in Excel by accessing a .csv file on the Microsoft Sentinel GitHub repository and importing it into Excel.
  3. By following simple steps, you can leverage Microsoft Excel to analyze and manipulate the Microsoft Sentinel rules and MITRE tactics data.
19 implied HN points 09 Jan 23
  1. Microsoft Sentinel Incident Tasks allow organizations to create a documented set of methods to handle different security events, enhancing team efficiency and ensuring critical steps are not missed.
  2. While tools like SOC Process Framework or Incident Response Playbooks provide guidance, security teams need to customize the approach based on specific scenarios and individual environments.
  3. GitHub repository for Microsoft Sentinel Incident Tasks Recipes is available for collaboration and sharing additional guidance on investigating and developing tasks.
19 implied HN points 09 Jan 23
  1. Some organizations miss the heatmap feature in Microsoft Sentinel, and you can create your own version.
  2. To create your heatmap, you need to create a new Workbook in Microsoft Sentinel, add a query module, input the code, and adjust map settings.
  3. While the new heatmap may not be exact, it serves as a starting point and can be further customized to match your needs.
1 HN point 04 Mar 24
  1. Mad Libs game can be a fun and educational tool to practice parts of speech and create hilarious stories with friends.
  2. Proper prompting is crucial for AI systems to generate accurate and relevant responses, understand user intent, and enhance user experience.
  3. Learning how to prompt effectively, especially for security purposes, requires education and can be made fun using games like Mad Libs.