The Security Insights Show

The Security Insights Show Episode 292 - Sentinel Graph and data lake



We’re excited to welcome back Gary Bushey (Security Architect at Cyclotron) for a deep technical episode covering:

* Microsoft Sentinel Data Lake – architecture, scaling, cost optimization, and real-world best practices

* Sentinel Graph – powerful new capabilities, dynamic investigations, hidden risk discovery, and how it’s changing threat hunting

Gary brings extensive hands-on experience and has contributed to official Microsoft guidance on these topics. Expect practical insights you can use immediately.

Guest link - Home - Cyclotron

Gary Bushey - linkedin.com/in/gary-bushey

Websites and blog:

github.com (Other)

garybushey.com (Blog)

Words of Wisdom:

“You can be whatever you want, so be the person who ends meetings early”

General

* Monthly news – May 2026 | Microsoft Defender XDR Blog

* Microsoft Agent 365, now generally available, expands capabilities and integrations | Microsoft Security Blog

* How Storm-2949 turned a compromised identity into a cloud-wide breach | Microsoft Security Blog

* Kazuar: Anatomy of a nation-state botnet | Microsoft Security Blog

AI Security

* When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps | Microsoft Security Blog

* Defense at AI speed: Microsoft’s new multi-model agentic security system | Microsoft Security Blog

Agent365

* Microsoft Agent 365, now generally available, expands capabilities and integrations | Microsoft Security Blog

* What’s New in Agent 365: May 2026 | Microsoft Tech Community

* Overview of Microsoft Agent 365 | Microsoft Learn

* Microsoft Agent 365 documentation hub | Microsoft Learn

Azure Security & Defender for Cloud News

* What’s new in Defender for Cloud features (May/June 2026 updates) | Microsoft Learn

Threat Intelligence

* How Storm-2949 turned a compromised identity into a cloud-wide breach | Microsoft Security Blog

* Kazuar: Anatomy of a nation-state botnet | Microsoft Security Blog

Microsoft Entra

* What’s New in Microsoft Entra: May 2026 | Microsoft Tech Community

Device Management & Protection (Intune)

* What’s new in Microsoft Intune (May/June 2026) | Microsoft Learn

Defender XDR & Sentinel

* Monthly news – May 2026 | Microsoft Defender XDR Blog

* What’s new in Microsoft Sentinel | Microsoft Learn

* Best practices for Microsoft Sentinel | Microsoft Learn

* Defender XDR + Sentinel integration guide | Microsoft Learn

* Agent 365 connector: Monitor, hunt, and investigate AI agent activity in Microsoft Sentinel | Microsoft Sentinel Blog

Copilot for Security

* Microsoft Security Copilot overview | Microsoft Learn

* Security Copilot agents overview | Microsoft Learn

Purview – Compliance & Governance

* Microsoft Purview protections for generative AI & Copilot | Microsoft Learn

* Use Microsoft Purview to manage data security for Microsoft 365 Copilot | Microsoft Learn

* Purview for AI agents & Agent 365 | Microsoft Learn

Featured Resources & Deep Dives

* Setup & deployment guide for Microsoft Defender XDR

* Advanced hunting best practices in Defender XDR

* Best practices for data collection in Sentinel

* Configure a secure foundation for Microsoft 365 Copilot

* Security for AI solutions hub

What’s New in Defender (May / June 2026)

* What’s new in Microsoft Defender XDR | Microsoft Learn (Official Reference)

* (Preview) Automatic attack disruption can now isolate compromised devices from the network

* In advanced hunting, the Take action wizard now lets you allow or block top-level domains and file attachment hashes in emails

* New identity-focused predefined scenarios in the hunting graph (Kerberoast, AS-REP roast, OAuth risks, etc.)

* Enhanced AI agent visibility and context mapping (expanding in June)

Featured Items This Week:

New Roadmap Items:

Updated Roadmap Items:

New Message Center Items:

Updated Message Center Items:



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

The Security Insights Show, by Rod Trent