This installment is part of a broader series to keep you up to date with the latest features in Azure Sentinel. The installments will be bite-sized to enable you to easily digest the new content.
Regardless of the size and tooling of your SOC, it's important to have a single queue and to govern its quality. Having a single place to go for reactive analysis, and ensuring that place produces high-quality alerts, are key enablers of SOC effectiveness and responsiveness. As a complement to the quality piece, the queue must be kept current so that SOC analysts work with the most up-to-date incidents. To improve the effectiveness of SOC analysts, we are delighted to announce that the Auto-Refresh capability is now generally available.
The auto-refresh feature automatically refreshes the incidents queue in Sentinel so that analysts have an updated list of incidents to triage. When turned on, the feature checks for new incidents every 30 seconds, adds any new ones to the queue, and updates those that already exist in the list.
At the top left of the incidents table, you will find the new auto-refresh toggle.
When it is turned on, the incidents queue is automatically refreshed every 30 seconds: new incidents are added and existing incidents are updated.
Figure 1: Auto Refresh Capability
Get started today!
We encourage you to leverage the auto-refresh capability to ensure SOC analysts have an updated list of incidents to work with. This feature will improve the detection and investigation experience across your security operations center.