Preparing towards Azure Sentinel's GA
Microsoft

As we move closer to general availability (GA), you will see many changes in Azure Sentinel. True to the cloud, we release them as they are ready; the formal announcement will come with GA. This blog post lists some changes that may require your attention beforehand.


These are already live today:

  • We are replacing the current Dashboards with Workbooks, which offer many features not available with the current dashboards. Note that dashboards will be removed from Azure Sentinel with GA. You will still be able to access them from the Azure portal outside of Azure Sentinel, so anything you rely on inside Azure Sentinel should be rebuilt as a workbook before then.
  • The API to enable and disable Fusion in Azure Sentinel is going to be deprecated. Fusion will instead be configured with an option in the UI, and it will be turned ON by default; any automation that calls the old API should be retired accordingly.
  • As promised, the new Analytics screen includes a large number of rules out of the box in the "rules templates" tab. Apart from Fusion, these are not active by default. Make sure you enable those that are relevant to you using the "create rule" button for each template.
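
As an added example, not code from the original post or from the Azure Sentinel product team: the script below does the same job as pressing "create rule" on each relevant template, but over the Azure Resource Manager REST API, so the selection can be reviewed, repeated and version-controlled. It assumes the 2019-01-01-preview API version, an ARM bearer token in the SENTINEL_TOKEN environment variable and workspace identifiers in SENTINEL_SUB, SENTINEL_RG and SENTINEL_WS; the sample templates are constructed, and Fusion templates are deliberately skipped because the post says Fusion is on by default and configured from the UI.

```python
"""Added example: enable Azure Sentinel analytics rule templates in bulk via
the ARM REST API. Assumptions (not stated in the post): API version
2019-01-01-preview, bearer token in SENTINEL_TOKEN, workspace identifiers in
SENTINEL_SUB / SENTINEL_RG / SENTINEL_WS."""
import json
import os
import urllib.request
import uuid

API_VERSION = "2019-01-01-preview"  # assumption: preview API used before GA
ARM = "https://management.azure.com"


def rule_from_template(template: dict, enabled: bool = True) -> dict:
    """Build the PUT body of a Scheduled alert rule from one alertRuleTemplates item.

    Other kinds (Fusion, MicrosoftSecurityIncidentCreation) carry different
    properties and are rejected rather than silently mis-created.
    """
    if template.get("kind") != "Scheduled":
        raise ValueError(f"{template.get('name')}: kind {template.get('kind')!r} is not Scheduled")
    p = template["properties"]
    return {
        "kind": "Scheduled",
        "properties": {
            "displayName": p["displayName"],
            "description": p.get("description", ""),
            "severity": p["severity"],
            "enabled": enabled,
            "query": p["query"],
            "queryFrequency": p["queryFrequency"],
            "queryPeriod": p["queryPeriod"],
            "triggerOperator": p["triggerOperator"],
            "triggerThreshold": p["triggerThreshold"],
            "suppressionDuration": "PT1H",
            "suppressionEnabled": False,
            "tactics": p.get("tactics", []),
            "alertRuleTemplateName": template["name"],  # keeps the link back to the template
        },
    }


def select_templates(templates: list, wanted_tactics) -> list:
    """Keep Scheduled templates whose MITRE tactics overlap the wanted set (case-insensitive)."""
    wanted = {t.lower() for t in wanted_tactics}
    return [t for t in templates
            if t.get("kind") == "Scheduled"
            and wanted & {x.lower() for x in t["properties"].get("tactics", [])}]


def rule_id_for(template: dict) -> str:
    """Deterministic rule ID per template, so re-running updates instead of duplicating."""
    return str(uuid.uuid5(uuid.NAMESPACE_URL, template["name"]))


def _arm(method: str, path: str, token: str, body=None) -> dict:
    """Minimal ARM call; raises on any non-2xx response."""
    req = urllib.request.Request(
        f"{ARM}{path}?api-version={API_VERSION}", method=method,
        data=None if body is None else json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def enable_templates(scope: str, token: str, wanted_tactics) -> list:
    """List templates, pick the relevant Scheduled ones, PUT an enabled rule for each."""
    templates = _arm("GET", f"{scope}/alertRuleTemplates", token)["value"]
    created = []
    for t in select_templates(templates, wanted_tactics):
        rid = rule_id_for(t)
        _arm("PUT", f"{scope}/alertRules/{rid}", token, rule_from_template(t))
        created.append((rid, t["properties"]["displayName"]))
    return created


# Constructed sample shaped like alertRuleTemplates output, for offline use only.
SAMPLE_TEMPLATES = [
    {"name": "11111111-1111-1111-1111-111111111111", "kind": "Scheduled",
     "properties": {"displayName": "Sample: failed logons followed by success", "severity": "Medium",
                    "query": "SigninLogs | where ResultType != 0", "queryFrequency": "PT1H",
                    "queryPeriod": "PT1H", "triggerOperator": "GreaterThan", "triggerThreshold": 10,
                    "tactics": ["CredentialAccess", "InitialAccess"]}},
    {"name": "33333333-3333-3333-3333-333333333333", "kind": "Fusion",
     "properties": {"displayName": "Sample: Fusion", "severity": "High", "tactics": ["Exfiltration"]}},
]

if __name__ == "__main__":
    token = os.environ.get("SENTINEL_TOKEN")
    if not token:  # no credentials: show what would be created from the sample data
        for t in select_templates(SAMPLE_TEMPLATES, ["InitialAccess", "Exfiltration"]):
            print(rule_id_for(t), json.dumps(rule_from_template(t))[:80], "...")
    else:
        scope = (f"/subscriptions/{os.environ['SENTINEL_SUB']}/resourceGroups/{os.environ['SENTINEL_RG']}"
                 f"/providers/Microsoft.OperationalInsights/workspaces/{os.environ['SENTINEL_WS']}"
                 f"/providers/Microsoft.SecurityInsights")
        for rid, name in enable_templates(scope, token, ["InitialAccess", "Exfiltration"]):
            print("enabled", rid, name)
```

Run it without SENTINEL_TOKEN to see the rule bodies it would submit for the constructed sample; with a token, the caller needs write permission on the workspace's Microsoft.SecurityInsights resources. The deterministic rule ID is what makes the script safe to re-run after reviewing the template list.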

While not available yet, note that the method to deploy CEF connectors will also change and become more straightforward. The change will not affect any existing CEF connector, as it relates only to the deployment process.

1 Comment

Great that the dashboards are replaced by the workbooks! Provides more flexibility. I did some trial deployments for customers as well as courses. Luckily I didn't deep-dive into the Dashboards.


A couple of questions:


1. Will the investigation be part of the GA as it just was in a private preview?

2. How about delays? Will there be delays when collecting data using collectors such as AATP or CAS? Meaning, is the data real-time and hence usable in SOCs?


Thanks in advance!