New Blog Post | Azure Sentinel Information Model Fall Release: Speed and Ease

Microsoft


Azure Sentinel Information Model Fall Release: Speed and Ease - Microsoft Tech Community

The first schema to use parametrized parsers is the DNS schema. DNS is a high-volume source, and using optimized parsers enables the new normalized Threat Intelligence Analytics Rules (Domains, IPs) to match your TI to even the highest volume of DNS data. And with out-of-the-box optimized parsers for a wide variety of DNS servers and clients, including Windows DNS Server, Infoblox, Cisco Umbrella, Corelight Zeek, Google Cloud DNS, and Sysmon, you get this detection across much more of your data.
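To show what the parametrized DNS parser buys you, here is an added KQL example (constructed for this post, not the text of the Domains analytics rule linked above): it builds a domain list from active TI indicators and hands it to the parser so the filter runs inside the parser, before the normalized DNS rows of every source are materialized. It assumes the ASIM parser name `imDns` and its `starttime` and `domain_has_any` filtering parameters as documented in the DNS schema, and the standard `ThreatIntelligenceIndicator` table columns.

```kql
// Constructed example: match TI domain indicators against DNS queries via
// the ASIM parametrized DNS parser (imDns), so the domain filter is applied
// by the parser rather than after all DNS events are normalized.
let dt_lookBack = 1h;    // how far back to scan DNS events
let ioc_lookBack = 14d;  // how far back to read TI indicators
// Active, unexpired domain indicators, deduplicated to the latest per IndicatorId
let DomainTI = ThreatIntelligenceIndicator
  | where TimeGenerated >= ago(ioc_lookBack) and ExpirationDateTime > now()
  | where Active == true and isnotempty(DomainName)
  | summarize arg_max(TimeGenerated, *) by IndicatorId
  | project IndicatorId, DomainName = tolower(DomainName), ConfidenceScore, Description;
// The parser's domain_has_any parameter takes a dynamic list of domains
let DomainList = toscalar(DomainTI | summarize make_list(DomainName));
// starttime and domain_has_any are filtering parameters (assumed from the ASIM
// DNS schema docs); the filter runs inside the parser, per source, before union
imDns(starttime=ago(dt_lookBack), domain_has_any=DomainList)
  | extend DomainNameLower = tolower(DnsQuery)
  // Exact-name join to attach indicator context; subdomain matches returned by
  // has_any (e.g. a query for a host under an indicator domain) are dropped here
  | join kind=inner DomainTI on $left.DomainNameLower == $right.DomainName
  | project TimeGenerated, SrcIpAddr, DnsQuery, DnsResponseCodeName,
            EventVendor, EventProduct, IndicatorId, ConfidenceScore, Description
```

Because `imDns` unions the per-source optimized parsers, the same query covers every DNS source the post lists without a per-product filter in the rule itself.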


Join us to learn more about parametrized parsers in our upcoming webinar “Turbocharging ASIM: Making Sure Normalization Helps Performance Rather Than Impacting It” on Oct 6th. Register, as usual, on https://aka.ms/securitywebinars.

Original Post: New Blog Post | Azure Sentinel Information Model Fall Release: Speed and Ease - Microsoft Tech Commu...
