We are announcing Content hub in public preview, featuring a rich set of 92 Microsoft Sentinel solutions to deliver instant out-of-the-box content value and get you started on Microsoft Sentinel quickly. Content hub provides centralized in-product discoverability, single-step deployment, and enablement of out-of-the-box solutions and content in Microsoft Sentinel. The new Content hub replaces the solutions gallery in Microsoft Sentinel and includes all the solutions available in the solutions gallery plus much more.
Microsoft Sentinel content is Security Information and Event Management (SIEM) content that enables customers to ingest data, monitor, alert, hunt, investigate, respond, and connect with different products, platforms, and services in Microsoft Sentinel. Microsoft Sentinel solutions are packages of content (data connectors, workbooks, analytic rules, playbooks, etc.) or API integrations that fulfill an end-to-end product, domain, or industry vertical scenario in Microsoft Sentinel. In terms of out-of-the-box content, these 90+ solutions in Content hub comprise over 60 data connectors, 250 analytic rules, 100 playbooks, 150 hunting queries and about 40 workbooks.
Use cases for Content hub are as follows:
Discover solutions for your scenarios by leveraging enhanced search capabilities. Filter by specific domain or vertical categories, by other parameters like content type or provider, or use the powerful text search to find the content that works best for your organization's needs.
Install a solution in a single step to get out-of-the-box content to immediately unlock your end-to-end use cases.
These solutions contain a combination of one or more data connectors, workbooks, parsers, analytic rules, hunting queries and watchlists that deliver end-to-end product value for that integration in Microsoft Sentinel. Refer to the following list of new product-specific solutions available in Content hub, in addition to the ones announced earlier.
RiskIQ Integration Incident Enrichment in Microsoft Sentinel
Application/Storage/Platform – JBoss, Snowflake, Sysmon for Linux, The Hive and more
Cloud Provider – Google Cloud Provider (GCP) solutions for Cloud DNS, Cloud Monitor and Identity and Access Management, Oracle Cloud Infrastructure and more
Compliance - Senserva Pro, Sonrai Security
Devops – GitHub, Google Apigee
Identity - Cisco Duo Security, RSA SecurID and more
Internet of Things (IoT) – Claroty, IoT OT Threat Monitoring with Defender for IoT
IT Operations – AgileSec (Infosec Global), Ivanti and more
Security – Comprises multiple categories like threat protection, network, cloud, insider risk, automation (SOAR), cloud security, threat intelligence, UEBA
Threat protection: Abnormal Security, Armorblox, Cisco Secure endpoint, Semperis, Endgame / Elastic agent, ESET Protect, Flare Systems Firework, Lookout, Kaspersky Antivirus, Bitglass, Sailpoint, TrendMicro CAS and more
Network: Vectra Stream, Imperva Cloud WAF, McAfee Network Protection Platform, Arista Networks (Awake Security), Cisco Meraki, FireEye NX, Forescout, IronNet CyberSecurity Iron Defense, Juniper IDP, Claroty, Cisco StealthWatch and more
Cloud and automation (SOAR): PAN-OS, Palo Alto Cortex (CDL), Fortinet Fortigate and more
Threat intelligence: RiskIQ Illuminate and more
Information protection: Nucleus Cyber NC Protect / ArchTIS, Digital Guardian
Vulnerability management: Tenable Nessus Scanner, Rapid7 Nexpose / Insight VM and more
Domain-specific solutions
Domain solutions contain a combination of one or more workbooks, parsers, analytic rules, hunting queries and watchlists that deliver end-to-end domain value for that integration in Microsoft Sentinel. These solutions are usually data-source agnostic and can operate on multiple data sources of a certain type.
Microsoft Insider Risk Management Solution
Compliance - Cybersecurity Maturity Model Certification (CMMC)
Identity - Zero Trust (TIC3.0)
Security - Falcon Friday, Honey Token (deception solution), Microsoft Insider Risk Management, Microsoft Threat Analysis and Response.
If you are new to Microsoft Sentinel, the Microsoft Sentinel Training Lab solution can help you get started quickly.
Microsoft Sentinel Training Solution
Microsoft Sentinel Content hub is just one of several exciting announcements we've made for Microsoft Ignite 2021. Learn more about other new Microsoft Sentinel innovations in our announcements blog post.
Discover and deploy solutions from Content hub for your use cases to get out-of-the-box and end-to-end value for your scenarios in Microsoft Sentinel. Let us know your feedback using any of the channels listed in the Resources.