The official Microsoft Sentinel GitHub repository lives here: http://aka.ms/SentinelGitHub
This repository contains all the content you see in the Microsoft Sentinel console, including Analytics Rules, Playbooks, Content Hub Solutions, Workbooks, Hunting Queries, and more.
This is also the repository that is used to update the content in the Microsoft Sentinel console. When something is updated here, it will be available for updating Microsoft Sentinel.
I monitor this repository constantly to watch for important changes, updates, and new things on the horizon, because if something new is coming, it shows up here first.
If you're ever interested in how I stay on top of those updates: I use a Logic App to do it.
The following Logic App runs on a daily basis (the Recurrence module). It pulls in the RSS feed (the List all RSS feed Items module). It then parses each line from the RSS feed (the For Each module) and posts them to a Microsoft Teams channel (the Post Message in a Chat or Channel module).
The following is what this looks like in Microsoft Teams.
Now, it does take some additional effort to sift through the many, many updates per day, but if particular items matter more to you than others, you can parse and filter the RSS feed further so that only the things you're interested in get posted.
The feed you want is: https://github.com/Azure/Azure-Sentinel/commits/master.atom
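To show what the "parse and filter" step looks like outside the Logic App designer, here is an added example (not the blog's own Logic App, and not Microsoft's code) that does the same three things in Python: pull the commits Atom feed named above, keep only the commits from the last run window (standing in for the daily Recurrence trigger), and optionally keep only commits whose title mentions a keyword such as "analytic rule" or "solution". The sample feed embedded in the block is constructed to mirror the shape of the GitHub feed; the commit links in it use obvious EXAMPLE-SHA placeholders, and the function names and the 24-hour window are my assumptions, not anything from the post.

```python
"""Daily digest of Azure-Sentinel repository commits from the GitHub Atom feed.

Added example, not the blog's Logic App. Assumptions: the feed is the one the
post names, the run window defaults to 24 hours (the Recurrence trigger), and
filtering is by keyword in the commit title (the post's "parse and filter" idea).
"""
from __future__ import annotations

import urllib.request
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

FEED_URL = "https://github.com/Azure/Azure-Sentinel/commits/master.atom"
ATOM = {"a": "http://www.w3.org/2005/Atom"}

# Constructed sample in the shape of the GitHub commits feed (not real commits;
# the commit ids are placeholders).
SAMPLE_FEED = """<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
  <title>Recent Commits to Azure-Sentinel:master</title>
  <entry>
    <title>Add analytic rule for suspicious sign-in pattern</title>
    <link rel="alternate" type="text/html" href="https://github.com/Azure/Azure-Sentinel/commit/EXAMPLE-SHA-1"/>
    <updated>2024-05-02T09:15:00Z</updated>
    <author><name>contributor-one</name></author>
  </entry>
  <entry>
    <title>Update README typo</title>
    <link rel="alternate" type="text/html" href="https://github.com/Azure/Azure-Sentinel/commit/EXAMPLE-SHA-2"/>
    <updated>2024-05-02T07:40:00Z</updated>
    <author><name>contributor-two</name></author>
  </entry>
  <entry>
    <title>Release new Content Hub solution for ExampleProduct</title>
    <link rel="alternate" type="text/html" href="https://github.com/Azure/Azure-Sentinel/commit/EXAMPLE-SHA-3"/>
    <updated>2024-04-30T18:00:00Z</updated>
    <author><name>contributor-three</name></author>
  </entry>
</feed>
"""


@dataclass
class Commit:
    title: str
    link: str
    author: str
    updated: datetime


def parse_timestamp(raw: str) -> datetime:
    """GitHub writes 2024-05-02T09:15:00Z; return a timezone-aware datetime."""
    return datetime.fromisoformat(raw.strip().replace("Z", "+00:00"))


def parse_atom(xml_text: str) -> list[Commit]:
    """Turn an Atom document into Commit records (title, link, author, updated)."""
    root = ET.fromstring(xml_text)
    commits: list[Commit] = []
    for entry in root.findall("a:entry", ATOM):
        title = (entry.findtext("a:title", default="", namespaces=ATOM) or "").strip()
        link_el = entry.find("a:link", ATOM)
        link = link_el.get("href", "") if link_el is not None else ""
        author = (entry.findtext("a:author/a:name", default="", namespaces=ATOM) or "").strip()
        updated = parse_timestamp(entry.findtext("a:updated", default="", namespaces=ATOM) or "")
        commits.append(Commit(title, link, author, updated))
    return commits


def select_commits(commits: list[Commit], since: datetime, keywords=()) -> list[Commit]:
    """Keep commits newer than `since`; with keywords, only titles that mention one.
    No keywords means post everything in the window (the post's default behaviour)."""
    wanted = [k.lower() for k in keywords]
    picked = [
        c for c in commits
        if c.updated > since and (not wanted or any(k in c.title.lower() for k in wanted))
    ]
    return sorted(picked, key=lambda c: c.updated)  # oldest first, as a chat reads


def format_teams_message(c: Commit) -> str:
    """Plain-text body equivalent to the Logic App's Post Message action."""
    return f"[{c.updated:%Y-%m-%d %H:%M} UTC] {c.author}: {c.title}\n{c.link}"


def daily_digest(xml_text: str, now_iso: str, keywords=(), hours: int = 24) -> list[str]:
    """Messages for commits in the last `hours` before `now_iso`, one per commit."""
    since = parse_timestamp(now_iso) - timedelta(hours=hours)
    return [format_teams_message(c) for c in select_commits(parse_atom(xml_text), since, keywords)]


def fetch_feed(url: str = FEED_URL, timeout: int = 10) -> str:
    """Download the live feed (network; not used by the sample run below)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # Swap SAMPLE_FEED for fetch_feed() to run against the real repository.
    for msg in daily_digest(SAMPLE_FEED, "2024-05-02T09:30:00Z", ("analytic rule", "solution")):
        print(msg, "\n")
```

One caveat worth knowing before relying on a once-a-day pull: the GitHub commit feed only carries the most recent entries, so on a busy merge day a 24-hour window can miss commits; running the trigger more often than daily, or widening the window and de-duplicating on the commit link, avoids that gap.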
As another thought, you might prefer to receive this in your Inbox or in Slack (or elsewhere) instead of Microsoft Teams. I prefer Microsoft Teams, but it's up to you where you find the most value.
Great read!