What’s new: Unified Microsoft SIEM & XDR GitHub community

Published Mar 09 2022 09:48 AM
Microsoft

We are announcing our new unified GitHub community for Microsoft SIEM and XDR, enabling SOC teams to centrally discover the latest hunting queries and analytics for Microsoft Sentinel and Microsoft Defender. Furthermore, community contributors can expand their impact to multiple products with a single contribution. This community brings together Microsoft Sentinel and Microsoft 365 Defender products as part of the Microsoft SIEM and XDR threat protection story.  

 

About Microsoft SIEM and XDR 

 

Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks. Hunting queries written for Microsoft 365 Defender advanced hunting can also be saved as custom detection rules, so a well-built hunting query doubles as a detection.

 


 

Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Sentinel is also the platform where data from many different sources comes together, and contributions such as hunting, detection, and investigation queries, automated workflows (playbooks), visualizations (workbooks), and more can be built on one or many of those data sources. These contributions power the hunting, alerting, incident tracking, investigation, and response experiences in Microsoft Sentinel.

 

Why a unified community?

 

The unified Microsoft SIEM and XDR community gives community members, the threat hunters, a single place to submit contributions as GitHub pull requests and contribution ideas as GitHub issues. Because the Microsoft 365 Defender advanced hunting tables are also available in Microsoft Sentinel through the Microsoft 365 Defender data connector, a hunting query written for Microsoft 365 Defender is useful in both products: one contribution, two products. A contribution can be your own idea of what would help an enterprise SOC, an item from the repository's open issues list, or an enhancement to an existing contribution.
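The kind of hunting query the two previous sections describe, one that runs unchanged in Microsoft 365 Defender advanced hunting and in Microsoft Sentinel, and that is also shaped so it can be saved as a custom detection rule. This is an added example written for this page, not a query from the Azure-Sentinel repository or from Microsoft; the cue list and the command-line regex are constructed for illustration and should be tuned before use.

```kusto
// Added example, not a query from the Azure-Sentinel repository.
// Hunts for PowerShell started with an encoded command, decodes the payload and
// keeps only runs whose decoded script contains download/execution cues.
// DeviceProcessEvents has the same schema in Microsoft 365 Defender advanced
// hunting and in Microsoft Sentinel (ingested through the Microsoft 365 Defender
// connector), so this query runs in both products without changes.
let lookback = 7d;
// Constructed cue list for this example; tune it for your environment.
let cue_pattern = @"(?i)(DownloadString|DownloadFile|Invoke-Expression|\bIEX\b|FromBase64String|Net\.WebClient|Invoke-WebRequest|Start-BitsTransfer)";
DeviceProcessEvents
| where Timestamp > ago(lookback)
| where FileName in~ ("powershell.exe", "pwsh.exe", "powershell_ise.exe")
// PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
| extend EncodedPayload = extract(@"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", 1, ProcessCommandLine)
| where isnotempty(EncodedPayload)
// The payload is base64 over UTF-16LE. base64_decode_tostring() reads the bytes as
// UTF-8, so every other byte shows up as a NUL; stripping them recovers ASCII scripts.
// Assumption: non-ASCII characters in the script do not survive this shortcut.
| extend DecodedCommand = replace_regex(base64_decode_tostring(EncodedPayload), @"\x00", "")
| extend MatchedCues = extract_all(cue_pattern, DecodedCommand)
| where array_length(MatchedCues) > 0
// Timestamp, DeviceId and ReportId must be in the result set for the query to be
// saved as a Microsoft 365 Defender custom detection rule.
| project Timestamp, DeviceId, DeviceName, AccountName, InitiatingProcessFileName,
    InitiatingProcessCommandLine, MatchedCues, DecodedCommand, ProcessCommandLine, ReportId
| order by Timestamp desc
```

Paste the query into advanced hunting in the Microsoft 365 Defender portal or into Logs in Microsoft Sentinel; the only difference between the two is where the results land (a custom detection rule in Defender, an analytics or hunting rule in Sentinel).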

 

Get started now! 

 

Participate in the unified GitHub community (https://aka.ms/threathunters) for Microsoft Sentinel and Microsoft 365 Defender:

- Contribute your queries (https://github.com/Azure/Azure-Sentinel/wiki/Contribute-to-Sentinel-GitHub-Community-of-Queries) to the Microsoft 365 Defender folder in the Hunting Queries section (https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries/Microsoft%20365%20Defender).
- Specifics on what is required for hunting queries are in the Query Style Guide (https://github.com/Azure/Azure-Sentinel/wiki/Query-Style-Guide).
- Webcast content can be found in the Tutorials folder (https://github.com/Azure/Azure-Sentinel/tree/master/Tutorials/Microsoft%20365%20Defender/Webcasts).
- A Power BI example can be found in the Tools folder (https://github.com/Azure/Azure-Sentinel/tree/master/Tools).

Last update: Mar 09 2022 09:49 AM