Forum Discussion
Azure Sentinel Updates
Hello Folks!!
I am back with a new blog, this time with an update on an Azure security component, "Azure Sentinel". Here I will share the latest updates related to Azure Sentinel. We all know how important the security side of things is these days, so frequent changes are needed to security in the cloud to protect our data and infrastructure.
First, let us understand what Azure Sentinel actually is and how it works.
What is Microsoft Azure Sentinel?
Microsoft Sentinel is a scalable, cloud-native security and data delivery tool. It delivers security analytics on your infrastructure and surfaces threat-related issues across the enterprise, providing a single solution for attack detection, threat visibility, and threat response.
Some of the most common uses of Azure Sentinel are as follows:
1) It collects data from your infrastructure and native applications and provides a proper UI for it.
2) It detects threats and acts accordingly.
3) It investigates threats with Azure AI.
4) It responds to threats actively with automated actions.
How to install or activate Azure Sentinel for your use:
You can use this Microsoft link to get started: https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard
It will help you!!
Now let's move to our headline: what are the updates that Azure Sentinel has?
1) New automation rules:
Automation rules can now run playbooks on an alert trigger. Previously, playbooks could only be run by attaching them to analytics rules on an individual basis. With the alert trigger, a single automation rule can be attached to many analytics rules, which lets you manage playbooks and analytics rules in a centralized way.
2) Integrated Data Loss Prevention in Microsoft Sentinel:
You can view all the DLP alerts under Incidents in the Microsoft 365 Defender incident queue. Alerts are retained for 180 days. You can also hunt through the compliance logs alongside the security logs under Advanced Hunting.
3) Custom log ingestion:
It allows you to send custom-format logs from any data source to your Log Analytics workspace and store those logs either in certain specific standard tables or in custom-formatted tables that you create.
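As an added example (not code from the original post), the following shapes custom-format log lines for a custom Log Analytics table and sends them through the Logs Ingestion API. The line format, the field names and the sample lines are constructed for illustration; the DCE endpoint, DCR rule id and stream name are placeholders you would take from the data collection rule created for your own table.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines in a hypothetical appliance's own format
# (timestamp|host|action|src|dst|port); the third line is deliberately malformed.
SAMPLE_LINES = [
    "2024-05-01T10:15:30Z|fw01|DENY|10.0.0.5|203.0.113.9|443",
    "2024-05-01T10:15:31Z|fw01|ALLOW|10.0.0.7|198.51.100.2|53",
    "garbage line that does not match",
]

LINE_RE = re.compile(
    r"^(?P<ts>[^|]+)\|(?P<host>[^|]+)\|(?P<action>ALLOW|DENY)\|"
    r"(?P<src>[^|]+)\|(?P<dst>[^|]+)\|(?P<port>\d+)$"
)

def parse_line(line):
    """One raw line -> record for the custom table, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        # TimeGenerated is the event-time column; the ingestion API expects ISO 8601.
        "TimeGenerated": ts.isoformat().replace("+00:00", "Z"),
        "Host": m["host"],
        "Action": m["action"],
        "SrcIp": m["src"],
        "DstIp": m["dst"],
        "DstPort": int(m["port"]),
    }

def build_records(lines):
    """Return (records, rejected): malformed lines are counted, not silently lost."""
    records, rejected = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
        else:
            records.append(rec)
    return records, rejected

def upload(records, dce_endpoint, dcr_rule_id, stream_name):
    """Send records with the Logs Ingestion API (azure-monitor-ingestion SDK).
    dce_endpoint, dcr_rule_id and stream_name (e.g. "Custom-MyApp_CL") are
    placeholders taken from the data collection rule you create for the table."""
    from azure.identity import DefaultAzureCredential
    from azure.monitor.ingestion import LogsIngestionClient
    client = LogsIngestionClient(endpoint=dce_endpoint, credential=DefaultAzureCredential())
    client.upload(rule_id=dcr_rule_id, stream_name=stream_name, logs=records)
```

Keeping the rejected lines lets you alert on a parser that silently starts dropping events after the source changes its format.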
4) View MITRE support:
Microsoft Sentinel now provides a new MITRE page, which highlights the MITRE tactic and technique coverage you currently have, and can configure, for your organization.
Select items from the Active menus at the top of the page to view the detections currently active in your workspace and the simulated detections available for you to configure.
5) Restore archived logs from search:
When you need to do a full investigation on data stored in archived logs, restore a table from the Search page in Microsoft Sentinel. You specify a target table and a time range for the data you want to restore. Within a few minutes, the log data is restored and available within the Log Analytics workspace.
Thanks!! That's all for these updates; I will be back with another blog for further updates.
3 Replies
- jaymcc510 (Iron Contributor): awesomeeeeeeeeeeeeee
- Raj-O-AZ (Copper Contributor): Nice details on Sentinel! I would love to see more insight into how AI/ML works on logs and recommends a mitigation plan.
- Shashwat3105 (Brass Contributor): Sure, Raj-O-AZ