Rod’s Blog

Rod's Blog focuses on Microsoft Security and AI technologies, offering insights into cybersecurity best practices, the ethical use of AI, career advice in tech, and the integration of AI with security. It emphasizes the importance of certifications, mental resilience for professionals, and the evolving landscape of generative AI and cybersecurity.

Topics: Microsoft Security Technologies, Artificial Intelligence, Cybersecurity Best Practices, Career Development in Tech, Generative AI, Ethics in AI and Cybersecurity, Microsoft Product Integration, Cybersecurity Certifications, Cybersecurity for Small Businesses, AI Impact on Job Market

The hottest Substack posts of Rod’s Blog

And their main takeaways
0 implied HN points 14 Aug 23
  1. The After the Blog podcast is easily accessible across various platforms like Amazon, Apple, Google, Spotify, and more.
  2. If you're looking for new podcasts to enjoy, check out the After the Blog podcast on different platforms mentioned in the post.
  3. You can even listen to the After the Blog podcast on unique platforms like Playrun for Garmin watches or YouTube.
0 implied HN points 01 Jun 23
  1. The article discusses 5 signs that indicate you may be obsessed with learning KQL.
  2. The post provides 10 steps related to the signs of being a KQL enthusiast.
  3. There are links and images in the post directing to more information on KQL learning.
0 implied HN points 31 May 23
  1. Limit and Take in KQL are synonyms: they do exactly the same thing and differ only in name.
  2. When using Limit or Take, remember that which rows come back is not guaranteed (and neither is their order unless the input was already sorted), so use top when you need a deterministic result; the Log Analytics portal also caps displayed results at 30,000 rows even without an explicit limit.
  3. Limit and Take are useful for trying out new queries and sampling data cheaply, and are a good starting point before building more complex queries.
0 implied HN points 31 May 23
  1. KQL stands for Kusto Query Language, named after undersea pioneer Jacques Cousteau. Understanding the origin of the name can give insights into the nature and purpose of the query language.
  2. KQL is designed for quickly surfacing critical security information hidden in large datasets. Its performance and simplicity make it a valuable tool for security professionals.
  3. Efficiency, simplicity, and cloud optimization are key factors that distinguish KQL from other query languages, enhancing its ability to help security professionals identify and address threats efficiently.
0 implied HN points 11 Apr 23
  1. Notes on Substack is a new space for sharing links, short posts, quotes, photos, and more.
  2. Subscribers to Rod's Blog automatically see his Notes, where they can like, reply, or share.
  3. Readers can also share their own notes, creating a space for sharing thoughts, ideas, and quotes with others.
0 implied HN points 02 Mar 23
  1. Questions about safety and security in Azure Open AI should be addressed early on to ensure preparedness when issues arise
  2. Monitoring Azure Open AI involves utilizing Diagnostic Settings to enable auditing logs for service activity records
  3. Building Microsoft Sentinel Detections for Azure Open AI involves querying data in AzureDiagnostics and AzureActivity tables to monitor actions and determine valuable security measures
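As an added example (not code from Rod's post), here is the shape of the two detections the post describes: one over the data-plane audit logs in AzureDiagnostics and one over the control-plane activity in AzureActivity. It assumes Azure OpenAI Diagnostic Settings are sending the Audit and RequestResponse categories to the Sentinel workspace, that those rows carry ResourceProvider "MICROSOFT.COGNITIVESERVICES", and that key enumeration shows up as the listKeys action; confirm the category, operation and column names against your own data before turning either into an Analytics Rule.

```kql
// Added example, not from the original post. Column values below are assumptions;
// verify with: AzureDiagnostics | where ResourceProvider == "MICROSOFT.COGNITIVESERVICES" | take 10
// Query 1 (data plane): who is calling the Azure OpenAI resource, from where, how often.
AzureDiagnostics
| where TimeGenerated > ago(1d)
| where ResourceProvider == "MICROSOFT.COGNITIVESERVICES"
| where Category in ("Audit", "RequestResponse")
| summarize Requests   = count(),
            FirstSeen  = min(TimeGenerated),
            LastSeen   = max(TimeGenerated),
            Operations = make_set(OperationName, 20)
          by Resource, CallerIPAddress
| order by Requests desc

// Query 2 (control plane): API key enumeration on the Cognitive Services account.
// Reading the keys is the step before someone drives the model from outside your tenant,
// so callers that are not your deployment identity deserve an incident.
AzureActivity
| where TimeGenerated > ago(7d)
| where ResourceProviderValue =~ "Microsoft.CognitiveServices"
| where OperationNameValue =~ "Microsoft.CognitiveServices/accounts/listKeys/action"
| where ActivityStatusValue =~ "Success"
| project TimeGenerated, Caller, CallerIpAddress, ResourceGroup, _ResourceId
| summarize KeyReads = count(), Ips = make_set(CallerIpAddress, 10) by Caller, _ResourceId
| where KeyReads > 5   // tune the threshold, or allowlist your pipeline's service principal
```

Run the two queries separately in the Logs blade; the first tells you what "normal" looks like, the second is the one worth scheduling.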
0 implied HN points 14 Feb 23
  1. Microsoft Sentinel's new Incident experience received positive feedback and more capabilities are being added based on customer input.
  2. New features in the Incident Logs panel include enhanced export options for query results and a convenient link to open the full Log Analytics experience in a new browser tab.
  3. Further enhancements are in the works to continue improving the Microsoft Sentinel Incident experience.
0 implied HN points 23 Jan 23
  1. Utilize the Microsoft Sentinel Training Lab to enable a demo environment with sample alerts for testing incidents.
  2. Leverage tools like Red Canary's Atomic Red Team and AppLocker Bypass for reproducible security tests mapped to the MITRE ATT&CK framework.
  3. Experiment with generating incidents through actions like Cloud Shell execution, simulating brute-force attacks, using Microsoft Cloud App Security, and creating custom detections in Defender for Endpoint.
0 implied HN points 17 Jan 23
  1. The new Microsoft Sentinel Incident experience features a new rollout model that allows users to switch between old and new experiences.
  2. The new Incident experience includes enhancements like an Activity Log accessible from the Incident menu and the ability to add comments directly in the panel overlay.
  3. Another important feature is the Incident Actions option which provides quick access to running Playbooks, creating Automation Rules, and setting up Teams channels for collaborative scenarios.
0 implied HN points 12 Jan 23
  1. Marking a threat indicator as 'Revoked' in Microsoft Sentinel sets a flag indicating the indicator is no longer active, excluding it from rules.
  2. By marking an indicator as 'Revoked' instead of deleting it, you can keep it excluded from rules while still being able to query against it.
  3. This feature is particularly useful for managing potential false positives from 3rd party sources in Microsoft Sentinel's Threat Intelligence blade.
0 implied HN points 15 Feb 24
  1. The characters are facing a cybersecurity threat from a mysterious entity known as The Night Princess, who may be linked to a previous attacker named `Krampus_attack`.
  2. Setting traps and monitoring activity are key tactics in cybersecurity investigations to identify and catch potential threats.
  3. In the face of adversity, it is crucial to adapt strategies, stay vigilant, and think like the adversary to outsmart them.
0 implied HN points 16 Feb 24
  1. Machine learning and artificial intelligence are closely related but not the same; machine learning is a subset of artificial intelligence.
  2. Machine learning focuses on data-driven approaches for systems to learn and improve performance, whereas artificial intelligence involves a broader range of tasks requiring human-like intelligence.
  3. Artificial intelligence encompasses various methods beyond machine learning, such as rule-based systems and expert systems, and it aims to perform tasks that typically require human intelligence.
0 implied HN points 02 Mar 23
  1. Rod Trent has set up a subscriber chat in the Substack app for exclusive interactions with his subscribers.
  2. The chat serves as a space for conversation, group chat, and live hangouts where Rod can post prompts, thoughts, and updates for discussion.
  3. Subscribers get access to the chat and other posts by signing up for a 7-day free trial on Rod's Substack publication.
0 implied HN points 12 Jan 23
  1. To send Azure Storage logs to Microsoft Sentinel, create a Diagnostic Setting for each Storage service type (blob, file, queue, table) and send the logs to the same Log Analytics workspace.
  2. Enabling this feature incurs regular ingestion charges, so choose carefully what type of logs you want to collect.
  3. You will need to create your own Analytics Rules as they are not provided, but the author might share some sample rules on their GitHub repo.
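Since the post leaves the Analytics Rules to you, here is an added example (not the author's sample rules) of the kind of query to start from. It assumes the account's StorageRead/StorageWrite/StorageDelete categories reach the workspace, which populates StorageBlobLogs (StorageFileLogs, StorageQueueLogs and StorageTableLogs hold the other services), and that the Uri column carries the full blob URL so the container name can be parsed from its path.

```kql
// Added example, not from the original post.
// Detection: successful anonymous blob reads, i.e. data leaving a container that
// allows public access. Grouped by account and container so one noisy container
// yields one incident rather than one per blob.
StorageBlobLogs
| where TimeGenerated > ago(1h)
| where AuthenticationType == "Anonymous"
| where OperationName in ("GetBlob", "ListBlobs")
| where StatusCode in (200, 206)                  // 206 = partial (range) read
| extend Container = tostring(split(parse_url(Uri).Path, "/")[1])
| summarize Reads         = count(),
            DistinctBlobs = dcount(Uri),
            Callers       = make_set(CallerIpAddress, 20),
            FirstSeen     = min(TimeGenerated),
            LastSeen      = max(TimeGenerated)
          by AccountName, Container
| order by Reads desc
```

On the cost point from takeaway 2: StorageRead is by far the largest category on a busy account. If read volume is the concern, collect StorageWrite and StorageDelete everywhere and enable StorageRead only on accounts where public or SAS-based access is actually possible.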
0 implied HN points 31 May 23
  1. KQL (Kusto Query Language) is a powerful but simple query language used in tools like Defender, Microsoft Sentinel, and Intune.
  2. There are numerous resources available to learn KQL, like cheat sheets, practice environments, reference guides, and tools like Kusto.Explorer and Visual Studio Code with Kusto extensions.
  3. The Must Learn KQL series aims to provide valuable information for enhancing skills in security platforms and data-centric applications that utilize KQL.
0 implied HN points 23 Feb 24
  1. The protagonists employ a decoy operation using a shadow network to outsmart the antagonist, The Night Princess, in their digital battle.
  2. The effective strategy involves creating a convincing trap of valuable data on the shadow network to lure and track the intruder's movements.
  3. The story highlights the suspenseful process of tracing the intruder through a complex web of proxies, ultimately revealing their unexpectedly local location.
0 implied HN points 01 Mar 24
  1. Jon and Jordan faced a tense situation with the Night Princess's presence in their city, leading to a dramatic confrontation at a server farm.
  2. They used KQL commands to uncover the Night Princess's infiltration and implemented a countermeasure to isolate her.
  3. The unexpected reveal of their colleague Sarah as the Night Princess left them with a difficult choice of trusting her to strengthen security or exposing her and risking vulnerabilities.
0 implied HN points 12 Jan 23
  1. Basic Logs in Microsoft Sentinel is a preview feature that offers a cheaper way to ingest logs, but with some limitations.
  2. Currently, there are UI and code-based methods to identify tables configured as Basic Logs, with a new method on the way.
  3. A new feature in preview will introduce a Tables blade in the Log Analytics workspace to filter tables by plan, making it easier to distinguish Basic Logs configured tables.
0 implied HN points 31 May 23
  1. Query structure with KQL can help identify and investigate specific data efficiently.
  2. Using the search operator in KQL can be a powerful tool to find relevant information but filtering results is essential to minimize effort.
  3. Learning KQL basics like the where operator and project operator can aid in creating precise queries for analytics rules in tools like Microsoft Sentinel.
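An added example (not from the original posts) that walks the workflow this entry and the earlier Limit/Take entry describe: start broad with search, narrow with where, keep only needed columns with project, then cap the rows. It assumes the SecurityEvent table with Windows Security events; EventID 4625 is a failed logon, and the account name "svc-backup" is a placeholder.

```kql
// Added example, not from the original post.
// Step 1: exploratory. search is expensive across a whole workspace, so scope it
// to a table and a short window, and sample with take (same as limit).
search in (SecurityEvent) "svc-backup"
| where TimeGenerated > ago(1h)
| take 20          // arbitrary 20 rows in arbitrary order: fine for a look, not for a rule

// Step 2: precise. The same question as an Analytics-Rule-ready query.
SecurityEvent
| where TimeGenerated > ago(1h)
| where EventID == 4625                       // failed logon
| where TargetUserName !endswith "$"          // ignore machine accounts
| project TimeGenerated, Computer, TargetUserName, IpAddress, LogonType, Status
| summarize Failures  = count(),
            Hosts     = dcount(Computer),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated)
          by TargetUserName, IpAddress
| where Failures >= 10 and Hosts >= 3         // one source, many hosts: spray shape
| top 50 by Failures desc                     // top = sort + take, so ordering is guaranteed
```

The project step matters for rules as well as readability: Sentinel maps entities (Account, Host, IP) from named columns, so keep the columns the rule will need and drop the rest before summarizing.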
0 implied HN points 28 Aug 23
  1. The post discusses "AI on AI security", that is, applying AI to the security of AI systems.
  2. Rod Trent is the author of the post.
  3. The post includes links to subscribe to various newsletters and learn more about AI security.
0 implied HN points 29 Aug 23
  1. The post is about 'Must Learn AI Security', focusing on AI security learning and resources.
  2. The content includes a food theme and shares various resources for learning AI security.
  3. There are links to subscribe to newsletters and learn more about AI security through books and series.
0 implied HN points 09 Jan 23
  1. A Playbook can be used to add geographical data for IP addresses to a Microsoft Sentinel Incident by querying IP-API.com and storing information in the Comments section.
  2. Storing more information in the Comments section instead of Tags provides flexibility and depth for investigations.
  3. Enhancing investigation context with detailed geographical data can help expedite the closing of Incidents.
0 implied HN points 09 Jan 23
  1. Moving Microsoft Sentinel workspace to another resource group or subscription isn't supported currently. Check Azure Monitor Doc for guidance.
  2. Answers to common questions about workspace relocation can be found in the Azure Monitor documentation.
  3. The Azure Monitor Doc provides important considerations and guidelines regarding moving the Microsoft Sentinel workspace.
0 implied HN points 09 Jan 23
  1. The new KQL Query Builder for Microsoft 365 Defender is in public preview, allowing users to create and execute KQL queries without writing them by hand.
  2. Despite the availability of the Query Builder, it's still important to learn KQL as a crucial skill, similar to knowing PowerShell.
  3. The Query Builder also serves as a useful learning tool, as users can still access the KQL query that powers the search results, helping them understand and improve their KQL skills.
0 implied HN points 09 Jan 23
  1. A new role called Microsoft Sentinel Playbook Operator has been introduced, allowing analysts to run specific playbooks or a Resource Group of multiple playbooks.
  2. This role provides Run access to playbooks but does not allow editing them. It also facilitates the assignment of groups of playbooks to analysts through RBAC as part of Resource Groups.
  3. Customers have been requesting expanded roles like this for some time, so the introduction of the Playbook Operator role is a positive step forward.
0 implied HN points 31 May 23
  1. Understanding the User Interface (UI) is crucial when starting with Kusto Query Language (KQL) as it provides a visual way to interact with the data.
  2. Filtering, sorting, grouping, selecting columns, and setting time ranges are important functions within the UI for manipulating and viewing data effectively.
  3. The UI also offers features like saving queries, sharing queries, formatting queries, exporting query results, creating alert rules, pinning visualizations, and utilizing keyboard shortcuts for efficient query development.
0 implied HN points 06 Jan 23
  1. You can easily build KQL query templates for Azure services by utilizing the Open Query option in the Azure portal.
  2. The Open Query option takes you to Azure Resource Graph Explorer and generates a KQL query specific to the service you're accessing.
  3. Not all Azure services have this option, so be sure to check the All Services pane in Azure to see which services support KQL queries.
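For readers who have not opened Resource Graph Explorer before, here is an added example (not from the original post) of what a generated template looks like once extended into a security check. The first two lines are the shape Open Query produces for Storage accounts; the rest is added. Property paths are those of the Microsoft.Storage/storageAccounts resource type.

```kql
// Added example, not from the original post. Runs in Azure Resource Graph Explorer,
// not in a Log Analytics workspace: the "resources" table is ARM state, not logs.
resources
| where type =~ "microsoft.storage/storageaccounts"
| extend publicBlobs = tobool(properties.allowBlobPublicAccess),
         httpsOnly   = tobool(properties.supportsHttpsTrafficOnly),
         minTls      = tostring(properties.minimumTlsVersion),
         netDefault  = tostring(properties.networkAcls.defaultAction)
// Flag anything weaker than: no public blobs, HTTPS only, TLS 1.2, deny-by-default network.
// isnull(publicBlobs) covers older accounts where the property was never set.
| where publicBlobs == true or isnull(publicBlobs)
     or httpsOnly != true
     or minTls != "TLS1_2"
     or netDefault =~ "Allow"
| project name, resourceGroup, subscriptionId, location, publicBlobs, httpsOnly, minTls, netDefault
| order by name asc
```

Resource Graph queries like this one can be saved and pinned to a dashboard, which is a cheap way to keep a standing inventory of misconfigured accounts next to your Sentinel workbooks.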
0 implied HN points 31 May 23
  1. Understanding the workflow of a KQL query is crucial for developing your logic and ensuring query results capture the desired information.
  2. Focus on comprehending the query line-by-line rather than becoming a pro at creating KQL queries on day 1. What matters most are the results of the query in enhancing security efforts.
  3. Sharing KQL queries among colleagues and utilizing built-in capabilities in Azure can eliminate the need to create your own queries, emphasizing the importance of understanding the workflow.
0 implied HN points 24 Feb 23
  1. Monitoring security for AI technologies is still in its early stages, with similarities to other security monitoring approaches.
  2. Open sourcing discussions and content can enhance collaboration and understanding in the field of responsible and secure AI.
  3. Resources like the OpenAISecurity repo, the Responsible and Secure AI manifesto, and Microsoft Sentinel content are valuable tools for those interested.
0 implied HN points 06 Jan 23
  1. You can easily obtain the ARM deployment template for a Microsoft Sentinel Solution through the UI.
  2. During the normal installation process of the Solution, choose 'Download template for automation' at the end of the installation wizard.
  3. The generated template allows you to download it, add it to your ARM template library, adjust parameters, variables, and resources, and deploy it as needed.
0 implied HN points 04 Mar 24
  1. Unsecure employee behavior, like clicking on phishing emails and using weak passwords, poses a significant threat to an organization's data security.
  2. To address these risks, companies should focus on educating employees, implementing strict security protocols, and fostering a culture of security awareness and responsibility.
  3. Common unsecure behaviors include sharing passwords, using unsecured Wi-Fi networks, and failing to update software, all of which can lead to data breaches and cyberattacks.
0 implied HN points 27 Feb 24
  1. GPT models can inherit and amplify biases from the data they are trained on, leading to negative impacts like misinformation and discrimination.
  2. GPT bias stems from both data bias (issues with the training data) and model bias (issues with the model design and architecture).
  3. There have been advancements in GPT models over the years, with newer versions like GPT-4 implementing techniques to reduce biases compared to earlier versions.
0 implied HN points 14 Feb 24
  1. Threat hunting is a proactive cybersecurity practice that aims to uncover hidden threats in a network or system.
  2. Benefits of threat hunting include reducing attacker dwell time, preventing damage post-breach, and improving security team capabilities.
  3. Using Copilot for Security as a tool for threat hunting can enhance data sources, address management resistance, and empower security teams with AI and automation.