We are announcing new Microsoft Sentinel content hub capabilities in Public Preview that include support for standalone content, a new list view, and support for bulk (at-scale) actions such as installing, updating, and deleting multiple solutions and standalone content items in a single step. Content hub enables centralized discovery, installation, and management of 250+ solutions and 240+ standalone content items, amounting to 2500+ OOTB content items in total, including data connectors, workbooks (reports), analytic rules (detections), hunting queries, SOAR connectors, and playbooks. Microsoft Sentinel solutions are packages of Microsoft Sentinel content or API integrations that fulfill an end-to-end product, domain, or industry vertical scenario in Microsoft Sentinel. These new capabilities let customers discover, install, and manage OOTB content at scale easily, keeping pace with the growth in OOTB content.
Standalone content in Content hub enables customers to discover and deploy OOTB (out-of-the-box) content that is not included in solutions: standalone playbooks, analytic rules, hunting queries, and workbooks found either in the Microsoft Sentinel GitHub repository or in the Microsoft Sentinel feature galleries. With this feature, customers have in-product access, in a single pane of glass, to the vast number of OOTB content contributions from the Microsoft Sentinel community, ecosystem partners, and Microsoft. The bulk actions enable customers to efficiently manage OOTB content at scale in the current workspace with a single click.
Standalone content in Tile view
Use cases for Standalone and Bulk actions
Use cases for these new capabilities are as follows:
- Discover solutions and standalone content centrally with common filters like status, content type, support, provider, category, or content source (solution or standalone).
- View the standalone content by selecting it in the side panel, optionally try it, and press the ‘Install’ button to use it as-is or customize it to make it your own, as shown in the diagram below.
Standalone content installation
- Use the list view to discover solutions and standalone content for your scenarios by leveraging enhanced search capabilities. All the filters applicable to the card view also extend to the list view. Filter by specific domain or vertical categories, other parameters like content type or provider, or use the powerful text search, to find the content that works best for your organization's needs.
List view of solutions and standalone content
- Select and install multiple solutions in the list view to efficiently onboard multiple OOTB content items in a single step.
Bulk install
- Easily update all your solutions that are due for an update, in just three clicks: filter by Status = “Update available”, select all solutions, and select the Install/Update button to update them all in a single step. Standalone content is auto-updated, so standalone OOTB content is always the latest version.
Note: These OOTB solution and standalone content updates apply to the OOTB content templates, not to active or custom items cloned or created from these non-editable templates. Hence any customizations customers have made are not impacted by these OOTB content updates. Individual feature galleries (analytics gallery, workbooks gallery, etc.) have their own mechanisms for handling updates to active or custom content when the respective templates change.
Bulk update solutions
- Select multiple solutions and standalone content items that you may no longer need and delete them. The delete action only removes the OOTB content templates and does not impact any of the active or custom content items created from these templates.
After installing the content of your choice, enable and use the OOTB content with the content hub manage-content experiences. Refer to the product documentation to learn more about enabling your installed OOTB content and managing it easily in content hub.
Closing
Centrally discover and deploy solutions and standalone content from the community, ecosystem partners, and Microsoft research and product teams in Content hub, to get OOTB and complete value for your end-to-end scenarios in Microsoft Sentinel. Let us know your feedback using any of the channels listed in the Resources.
We also invite our partners to build and publish new solutions for Microsoft Sentinel. Get started now by joining the Microsoft Sentinel Threat Hunters GitHub community and follow the solutions build and publish guidance.
Updated Dec 09, 2022
Version 2.0
Preeti_Krishna, Microsoft
Microsoft Sentinel Blog