The hottest Microsoft Sentinel Substack posts right now

Having outdated Indicators of Compromise (IOCs) in your analytics rules in Microsoft Sentinel can be unproductive and consume resources. Consider cleaning up the deprecated rules to optimize performance.
Check for **[Deprecated]** rules in the Rule Templates section of the Analytics Rules blade in Microsoft Sentinel to identify outdated rules that need removal.
Consider implementing Microsoft's Threat Intelligence solution to enhance threat detection by matching log data with up-to-date IOCs generated by Microsoft.

Social engineering attacks can have devastating consequences on organizations, leading to financial loss, reputational harm, and legal issues.
Microsoft Sentinel employs machine learning, behavioral analysis, and threat intelligence to effectively detect and mitigate social engineering attacks.
To defend against social engineering, organizations should implement a comprehensive defense strategy utilizing technical controls, user awareness training, and incident response procedures.

Microsoft Sentinel's What's New page now has an RSS feed available for monitoring new features.
The RSS feed link will be officially visible on the What's New page soon.
For more detailed updates, check out the Microsoft Sentinel weekly newsletter.

To migrate to the new simplified pricing model in Microsoft Sentinel, you need specific permissions like "Microsoft.OperationsManagement/solutions/write" on the "SecurityInsights(<workspace name>)" solution resource.
Support is considering updating documentation or the built-in role for easier migration to the new pricing model.
Stay updated on resolving the permission issue by following the provided links to Microsoft Security Insights show and joining the MSI Show Discord Server.

Monitoring ChatGPT in Microsoft Sentinel involves ensuring secure and responsible AI usage
Utilizing detection rules like Watchlists can help monitor and secure ChatGPT API usage
Open-sourcing resources like KQL queries and rules aids in managing AI monitoring challenges

Get a weekly roundup of the best Substack posts, by hacker news affinity:

To get a list of active Analytics Rules in Microsoft Sentinel, use the Workspace Usage Report Workbook's Active Rules via Rest API module to download a CSV file of the results.
You can also access a list of Analytics Rule templates by utilizing the Rule Templates via Rest API module.
Consider exploring Twitter, LinkedIn, or subscribing to newsletters for further engagement with the topic.

Marking a threat indicator as 'Revoked' in Microsoft Sentinel sets a flag indicating the indicator is no longer active, excluding it from rules.
By marking an indicator as 'Revoked' instead of deleting it, you can keep it excluded from rules while still being able to query against it.
This feature is particularly useful for managing potential false positives from 3rd party sources in Microsoft Sentinel's Threat Intelligence blade.