Microsoft Sentinel's new incident experience is generally available!
Published Aug 30 2023 04:33 AM 7,224 Views

We are excited to announce that the Microsoft Sentinel new incident experience is generally available!


As part of the general availability of the incident page, we're happy to announce the general availability of the similar incidents feature and the capability to add entities directly from the incident as an indicator of compromise (IoC) to our Threat Intelligence engine.


Last January of this year, Michal Shechter shared the public preview announcement in this blog post where you can find additional details. Since that time, customers have shared with us that their SOC analyst efficiency has substantially improved and has helped to decrease the time to triage and finding the relevant information.

Our data is showing less customer pivoting activities between screens and more usage of the new experience and the built-in capabilities like entity details and log search.


Some customer quotes on using the new incident experience:

“I am using it and recommending it for all customers, because it is really the best experience in comparison with the older experience”


“Great for any alert triaging, as there is more context on the same pane of events + additional functionality in front of the analyst that they might have otherwise not known about it is a good change to the usual layout.”


“For all Sentinel related investigations, the new incident experience is amazing!”


"We use the new experience view for basically all incidents we handle.”


“I like now  that everything is packed together and that I’m not sent far away from the incident when using the new experience”


“Getting more details about Account entities through UEBA panel, reduces analysis time.”


“The new UX is simply like a dashboard where we get all the things in one place like alerts related to same alerts or entities IP.”


“Using it for all investigation activities, we've seen this feature be very useful and more efficient than older experience.”


Detailed documentation for the new incident experience can be found here.

A walk-through of the investigation and case management capabilities can be found here.

For more context and a step-by-step demo please watch this video.

Version history
Last update:
‎Aug 30 2023 04:38 AM
Updated by: