Azure Sentinel product updates

Highlighted
Microsoft

Changes and new features

 

  • Cases are now incidents: to better align with other Microsoft products; the term "cases" is changing to "incidents".

1.png

 
  • Incident comments: The comments feature enables customers to write multiple comments in the scope of an incident, and review them under the comments tab in the incident page.

2.png

  • We have removed the option for auto-deploying a CEF/Syslog connector VM. While a convenient function, we understood that it might present a security risk as this was not a managed VM, and users were in charge of securing the VM.

Blog posts

 

Other

 

Edoardo Gerosa and Olaf Hartong have presented at DefCon the "Sentinel ATT&CK", which aims to simplify rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel. Cool staff and tons of out of the box detections

1 Reply
Highlighted
Just a little late. Noticed this during a customer demo ;)