Forum Discussion
Ryan Heffernan
Microsoft
MicrosoftJoin Our Azure Sentinel Community
Now that we have announced Azure Sentinel, we'd like to invite you to speak directly to our engineering team. We believe that the best way to improve our products is by having no barrier between you and the people that create them. That's why we need your participation in our community.
As part of our community you can influence our products and get early access to changes by participating in private previews, giving feedback, requesting features, reviewing product roadmaps, joining conference call discussions, or attending in-person events. To try out Azure Sentinel, log into your Azure Portal and then click here to join the preview.
Join Us
To join our community, click here, and then click the join button and the heart icon for Azure Sentinel, as pictured below.
Stay Updated via our Blog
To keep up-to-date on all our major announcements, please visit our blog at https://aka.ms/AzureSentinelBlog.
Check Out our GitHub Repository
We have queries, detections, playbooks, and more on our GitHub repository at https://aka.ms/AzureSentinel/GitHub and we'll be investing significant efforts developing this content. We welcome contributions and hope you benefit from the shared expertise of our entire community.
Additional Security Groups
Here's a list of other security-related groups you may want to join.
Enterprise Mobility + Security
Security, Privacy & Compliance.
Windows Defender Advanced Threat Protection
Find us on LinkedIn
We have a general discussion group on LinkedIn called the Microsoft Security Community, where I announce highlights from this site. Please join the group and feel free to connect with me.
Webinars and Private Preview Calls
We hold regular webinars and calls where we provide technical training, preview forthcoming features, gather feedback, and host discussions. Many of these allow you to join private previews. Meeting invitations for the calls are posted here in this group, so please check back regularly. Our latest Azure Sentinel webinar can be found at https://aka.ms/AzureSentinelWebinar.
We hope to hear from you soon!
Please continue providing feedback here on the Azure Sentinel Communities, if you're specifically asking for a feature request on a product go here.
https://feedback.azure.com/forums/920458-azure-sentinel
referencing Ryan's Community post : https://techcommunity.microsoft.com/t5/Azure-Advanced-Threat-Protection/Join-Our-Security-Community/m-p/311170
"
We want you to speak directly to our engineering teams. We believe that the best way to improve our security products is by having no barriers between you and the people that create them. That's why we need your participation in our security community.
As part of our community you can influence our products and get early access to changes by participating in private previews, giving feedback, requesting features, reviewing product roadmaps, joining webinars and calls, or attending in-person events.
Join Us
To join our community, click here, and then click the join button and the heart icons of the groups your are interested in, as pictured below.
"
- Witam
Wersja eksperymentalna Edge ma problem z krytycznym zatrzymaniem programu !
Uważam że część problemów wynika z nieprawidłowych definicji zagrożeń !
Które tworzą ścieżkę Błędu !
Byłoby wspaniale gdyby połączyć siły na ten problem !
Czasem wystarczy sugestia - pomysł !
Uważam że połączenie Zespołów będzie w przyszłości taka ścisła integracja jest koniecznością !
Warto to zrobić dla całej społeczności
Dziękuję Can anyone help me out with how to get list view on every row item in the grid of workbook in azure sentinel
carolinepalha if you mean to see the list view while editing any of the workbook tile, then you can change the configuration of Visualization to - 'Set by query' as shown in below
- Mo Legend69
- Okay...I'm here. Let's get started! 🙂 Also, can you post urls register for future Sentinel Calls and post the deck?
- Thanks for these excellent tooling. We enable and integrated with AAD, O365, Security Center day we heard about it and very cool so far.. I am still a bit muddy though on how my existing non-azure oms agent hosts that currently send data to an existing log analytics workspace, and how the agents gets data to ATP, Security Centre send data to Sentinel. What's the best practice for agent install on hosts to get data to all the security portals?
- Chris Boehm
I believe this comes down to where you're needing the data, the OMS agent can be multihomed
https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/
This allows you to send data to multiple different workspaces. Be aware you'll be charged twice for the data.
If you're wanting to take advantage of the services you're already paying for you should have something like this, I'm going to be using Azure Security Center as an example.
Server -> MMA/OMS Agent--> Azure Security Center --> Azure Sentinel
This way you'll still have all the data within Azure Security Center's Workspace, you'll get security related alerts ingested into Azure Sentinel.
You can take another approach as to having Azure Sentinel and Azure Security Center together by using the same workspace.
Server -> MMA/OMS Agent -> Workspace(Azure Security Center/Azure Sentinel)
You'll see a lot more raw events this way, get Azure Security Center benefits within the same workspace, but still able to use the investigation/alerts/automation with Azure Sentinel with the additional information.
Hope this helped answer your question
Chris Boehm @Andrew Huddleston
From what I can make out:
Server -> MMA/OMS Agent--> Azure Security Center --> Azure Sentinel
This would mean the data/alerts/logs would end up in *both* the ASC & the Sentinel instance?
Doubling the data costings? this may/may not be desirable?
Server -> MMA/OMS Agent -> Workspace(Azure Security Center/Azure Sentinel)
This keeps it more simple technically + single cost of data/alerts/logs storage based on retention settings.
Is this essentially correct Chris?
This seems to get to the heart of the matter: although it seems to be from a while back?
Determine the number of workspaces you need
how we cam enable azure senitel
- Chris Boehm
Sankarasubramanian Parameswaran
Please view this link to getting started with Azure Sentinel: https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard
It's already in open preview.
- Certainly interested into it.
- interesting
- When will the cost be announced for sentinel?
I might be wrong, but I think the cost comes from your ALA (Azure Log Analytics) tier. My dev subscription currently has 18m events in Sentinel and we have not seen any increased cost so far.
I read online (see post) that they haven't decided on pricing yet, which is why I was asking. Deleted
https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/
- Can you please let me know the best place to provide feedback and discuss issues for the Sentinel SIEM please? is that here or in Yammer?
- Chris Boehm
Please continue providing feedback here on the Azure Sentinel Communities, if you're specifically asking for a feature request on a product go here.
https://feedback.azure.com/forums/920458-azure-sentinel
referencing Ryan's Community post : https://techcommunity.microsoft.com/t5/Azure-Advanced-Threat-Protection/Join-Our-Security-Community/m-p/311170
"
We want you to speak directly to our engineering teams. We believe that the best way to improve our security products is by having no barriers between you and the people that create them. That's why we need your participation in our security community.
As part of our community you can influence our products and get early access to changes by participating in private previews, giving feedback, requesting features, reviewing product roadmaps, joining webinars and calls, or attending in-person events.
Join Us
To join our community, click here, and then click the join button and the heart icons of the groups your are interested in, as pictured below.
"
