Introducing Microsoft Sentinel Content hub!
Published Nov 04 2021 11:26 AM 20.9K Views

We are announcing Content hub in public preview, featuring a rich set of 92 Microsoft Sentinel solutions to deliver instant out-of-the-box content value and get you started on Microsoft Sentinel quickly. Content hub provides centralized in-product discoverability, single-step deployment, and enablement of out-of-the-box solutions and content in Microsoft Sentinel. The new Content hub replaces the solutions gallery in Microsoft Sentinel and includes all the solutions available in the solutions gallery plus much more.


Microsoft Sentinel content is Security Information and Event Management (SIEM) content that enables customers to ingest data, monitor, alert, hunt, investigate, respond, and connect with different products, platforms, and services in Microsoft Sentinel. Microsoft Sentinel solutions are packages of content like data connectors, workbooks, analytic rules, playbooks, etc. or API integrations, which fulfill an end-to-end product, domain, or industry vertical scenario in Microsoft Sentinel. In terms of out-of-the-box content, these 90+ solutions in Content hub, comprise of over 60 data connectors, 250 analytic rules, 100 playbooks, 150 hunting queries and about 40 workbooks.  


Use cases for Content hub are as follows:

  • Discover solutions for your scenarios by leveraging enhanced search capabilities. Filter by specific domain or vertical categories, other parameters like content type or provider, or use the powerful text search, to find the content that works best for your organization's needs. 
  • Install a solution in a single step to get out-of-the-box content to immediately unlock your end-to-end use cases.
  • Manage updates for out-of-the-box content easily and get visibility on which solutions carry new updates.
  • Get clarity on support model for each solution.

Microsoft Sentinel Content HubMicrosoft Sentinel Content Hub


What solutions are there in Content hub? 

Today, we have solutions for Microsoft and other products in the multiple categories landed with lots of collaboration across Microsoft and partners. Much thanks, to our partner teams to make this possible. Learn how you can deliver combined value and reach a wider audience by landing a solution in Microsoft Sentinel Content hub. Refer to the Content hub catalog for a complete list of solutions in the content hub.


Product specific solutions

These solutions contain a combination of one or more data connectors, workbooks, parsers, analytic rules, hunting queries and watchlists that delivers end-to-end product value for that integration in Microsoft Sentinel. Refer to the following list of new product specific solutions available in Content hub, in addition to the ones announced earlier.

RiskIQ Integration Incident Enrichment in Microsoft SentinelRiskIQ Integration Incident Enrichment in Microsoft Sentinel


  • Application/Storage/Platform- Jboss, Snowflake, Sysmon for Linux, The Hive and more
  • Cloud Provider – Google Cloud Provider (GCP) solutions for Cloud DNS, Cloud Monitor and Identity and Access Management, Oracle Cloud Infrastructure and more
  • Compliance - Senserva Pro, Sonrai Security
  • Devops – GitHub, Google Apigee
  • Identity - Cisco Duo Security, RSA SecurID and more
  • Internet of Things (IoT) – Claroty, IoT OT Threat Monitoring with Defender for IoT
  • IT Operations – AgileSec (Infosec Global), Ivanti and more
  • Security - Comprises of multiple categories like threat protection, network, cloud, insiders risk, automation (SOAR), cloud security, threat intelligence, UEBA
    • Threat protection: Abnormal Security, Armorblox, Cisco Secure endpoint, Semperis, Endgame / Elastic agent, ESET Protect, Flare Systems Firework, Lookout, Kaspersky Antivirus, Bitglass, Sailpoint, TrendMicro CAS and more
    • Network: Vectra Stream, Imperva Cloud WAF, McAfee Network Protection Platform, Arista Networks (Awake Security), Cisco Meraki, FireEye NX, Forescout, IronNet CyberSecurity Iron Defense, Juniper IDP, Claroty, Cisco StealthWatch and more 
    • Cloud and automation (SOAR): PAN-OS, Palo Alto Cortex (CDL), Fortinet Fortigate and more
    • Threat intelligence: RiskIQ Illuminate and more
    • Information protection: Nucleus Cyber NC Protect / ArchTIS, Digital Guardian
    • Vulnerability management: Tenable Nessus Scanner, Rapid7 Nexpose / Insight VM and more

Vectra SolutionVectra Solution


Domain specific solutions

Domain solutions contain a combination of one or more workbooks, parsers, analytic rules, hunting queries and watchlists that delivers end-to-end domain value for that integration in Microsoft Sentinel. These solutions are usually data source agnostic and can operate on multiple data sources of a certain type.

Microsoft Insider Risk Management SolutionMicrosoft Insider Risk Management Solution

  • Compliance - Cybersecurity Maturity Model Certification (CMMC)
  • Identity - Zero Trust (TIC3.0)
  • Security - Falcon Friday, Honey Token (deception solution), Microsoft Insider Risk Management, Microsoft Threat Analysis and Response.
  • If you are new to Microsoft Sentinel, Microsoft Sentinel Training lab solution can help you get started quickly

Microsoft Sentinel Training SolutionMicrosoft Sentinel Training Solution


Microsoft Sentinel Content hub is just one of several exciting announcements we’ve made for Microsoft Ignite 2021. Learn more about other new Microsoft Sentinel innovations in our announcements blogpost.

Discover and deploy solutions from Content hub for your use cases to get out-of-the-box and end-to-end value for your scenarios in Microsoft Sentinel. Let us know your feedback using any of the channels listed in the Resources.

We also invite our partners to build and publish new solutions for Microsoft Sentinel. Get started now by joining the Microsoft Sentinel Threat Hunters GitHub community and follow the solutions build and publish guidance.



Version history
Last update:
‎Nov 04 2021 11:26 AM
Updated by: