At the RSA Conference in May, we were excited to announce the release of Azure Sentinel solutions, a new way for Azure Sentinel customers to discover and deploy use cases and integrations faster than ever.
Solutions make it easy to enable new use cases for Azure Sentinel by consolidating related data connectors, analytics rules, interactive workbooks, and automation playbooks into a single package that delivers end-to-end value for a product, domain, or industry vertical.
With solutions, customers can more easily detect and respond to threats with out-of-the-box content for their critical use cases, all in one package. They can empower their SOC team with content developed by Microsoft’s security experts – and our trusted technology partners – with instant deployment. Our investment in solutions and our expanding partner network is key to helping customers stay secure and protect their organizations.
A new blade in Azure Sentinel offers a growing marketplace of solutions designed to help customers protect their entire digital estate and integrate Azure Sentinel with their existing security infrastructure to operationalize their critical use cases. The marketplace now features more than 40 solutions, including:
Solutions make it easier and faster for customers to use Azure Sentinel. They also represent a significant opportunity for our technology partners.
Solutions make it easier than ever for joint customers to discover, deploy, and maximize the value of the integrations that our technology partners create. With solutions, partners can:
Unlock more value for your current customers and create new use cases. When you build an Azure Sentinel solution, you’re giving your customers everything they need to start maximizing the security value that your product or service already gives them – by building detections on top of that data, enabling them to cross-correlate it with the rest of their ecosystem, streamline investigation via the investigation graph, automate responses, and more. By delivering solutions, you have an opportunity to integrate deeply with each of these Azure Sentinel SIEM and SOAR capabilities, not only to deliver combined value for your current offerings but also to expand to newer use cases that Azure Sentinel offers now and in the future.
Reach new customers. Broaden discoverability and reach a new customer base through the Azure Sentinel solutions marketplace. Azure Sentinel solutions integrate with Azure Marketplace, and the solutions you deliver are showcased in both the Azure Sentinel solutions blade and the Azure Marketplace. Delivering solutions therefore gives you a direct connection to a potentially new and broad customer base.
Productize your investments. Enable customers to deploy integrations with just a few clicks by combining content into one single, easily discoverable, easily deployable package, consolidating value across data connectors, analytics, playbooks, and more. With solutions, you deliver the combined, productized value of your offerings as end-to-end scenarios in Azure Sentinel for our mutual customers.
Here are some examples of use cases partners can deliver as Azure Sentinel solutions:
As we continue to build more value into solutions and work with technology partners to expand our library of solutions, the possibilities with solutions will only continue to grow.
So, how can technology partners get started with building their own Azure Sentinel solution? There are three key steps to this process: building content, packaging content, and listing the offering. Refer to the Azure Sentinel solutions build guide for further details on this 3-step process.
First, you need to start by building the content you want to include in your solution – including data connectors, workbooks, playbooks, analytics, hunting rules, and more. You can learn more about how to create content in the Azure Sentinel GitHub getting started documentation.
After content is submitted, it will be validated and reviewed by the Azure Sentinel team. After any feedback is addressed, you can move on to packaging your content.
Publish the solution
The Azure Sentinel solution publishing process is powered by the Microsoft Partner Center. After a one-time registration in the Partner Center, you can create your offering, configure its details, and publish. During this phase, the Azure Sentinel team will also step in to help you get this solution listed in the Azure Sentinel solutions gallery within the Azure Sentinel interface. Refer to Step-3 in the Azure Sentinel solutions build guide for step-by-step guidance.
We’re very excited about the new possibilities that the launch of Azure Sentinel solutions opens and the wider audience that it gives our technology partners. This is only the beginning, and we’re looking forward to continuing to expand the capabilities of solutions and tap into the possibilities that they offer.
If you’re interested in building an Azure Sentinel solution, now is the perfect time to get started building content! We recently kicked off the second annual Azure Sentinel Hackathon. This hackathon challenges security experts around the globe to build end-to-end cybersecurity solutions for Azure Sentinel that deliver enterprise value by collecting data, managing security, detecting, hunting, investigating, and responding to constantly evolving threats – plus, you can win a piece of the $19,000 cash prize pool. Learn more about the hackathon here.
To learn more about solutions, visit the following resources:
We’d love to hear from you as you embark on the solutions creation journey! Let us know your feedback using any of the channels listed in the Resources.