Microsoft Tech Community
What’s New: 250+ Solutions in Microsoft Sentinel Content hub!
Published Dec 08 2022 11:11 AM
Microsoft

Security Operations teams must protect, detect and respond across a customer's digital estate that is served by a wide variety of products, each catering to different needs, which makes achieving broad coverage a unique challenge. Microsoft Sentinel Content Hub now offers more than 250 out-of-the-box (OOTB) solutions (integrations and packaged content) plus an additional 240+ standalone OOTB content items, bringing the overall content inventory to 2500+ items that SOC teams can use immediately, and making onboarding and increasing Security Operations coverage more efficient. By deploying the packaged solutions and standalone content templates in Content Hub, customers can quickly unlock end-to-end (E2E) SecOps value. The out-of-the-box templates help SOC teams get started with detection, proactive/reactive hunting and dashboarding scenarios that address the monitoring needs of a particular product, domain, or industry vertical. Read the product documentation to learn more about Microsoft Sentinel OOTB content and solutions.


The Microsoft Sentinel Content Hub is now 250+ solutions strong, with an increasingly vibrant ecosystem that lets customers integrate with industry-leading products and services through out-of-the-box solution packages and their underlying content templates. The Content Hub now has a total of 2500+ content items, which include:


  • 250+ Data Connectors that help ingest log data into Microsoft Sentinel.
  • 1050+ Analytic Rule templates that help detect anomalies which may indicate abnormal user/entity behavior.
  • 660+ Hunting Query templates that enable OOTB proactive/reactive hunting.
  • 220+ Workbooks that provide a bird's-eye view of the point-in-time state of onboarded organizational resources.
  • 330+ Playbooks that help automate a range of SOAR use cases.

The content hub now also allows centralized OOTB content management. Customers can now manage all content packaged within a solution using the new management experience. Read the product documentation on how to manage OOTB content in solutions.


Continue reading to learn more about the diverse ecosystem of integrations that the Microsoft Sentinel Content Hub provides.


The content hub solutions catalog

The Microsoft Sentinel content hub offers a rich set of solutions and out-of-the-box content catering to product, domain, or industry vertical needs. While this integrated set of products helps customers be more productive at scale and serves a variety of organizational needs, leveraging the OOTB templates enables SOC teams to protect, detect, respond to threats in a timely manner and stay productive. The solutions catalog includes industry-leading products that support customers in different areas of operational excellence.


Multi-cloud workload monitoring

For customers who choose to operate in a multi-cloud model, Content Hub provides OOTB capabilities for monitoring workloads in Amazon Web Services (AWS), Google Cloud Platform (GCP), Alibaba Cloud, Oracle Cloud and IBM Cloud.


Microsoft product integrations

The OOTB Microsoft product and service integrations in the Content Hub span both on-premises products and services offered by the Azure cloud platform. The most popular integrations ingest log, alert and incident information from services such as Azure Active Directory and Microsoft 365 Defender, while on-premises services such as Windows Firewall and Windows Server DNS can also be integrated for monitoring via Microsoft Sentinel. The most recent integrations in this space include OOTB solutions for Azure PaaS services such as Azure Batch Account, Azure Cognitive Search, Azure Data Lake, Azure Event Hubs, etc.


Domain and Compliance Solutions

Domain and Compliance solutions cater to requirements that are not specific to a single product. They may align to a pattern or type of log that is product agnostic in nature, or help assess posture in accordance with a compliance standard (such as UEBA, PCI DSS, etc.). The value that Domain-based solutions provide may require that log data from a separate data source is already being ingested. For example, the UEBA Essentials solution requires that UEBA and the appropriate data sources are pre-enabled. Some of the Domain Solutions available in the Microsoft Sentinel Content Hub are listed below:


Domain Solutions

  • PCI DSS Compliance
  • Azure Security Benchmark
  • UEBA Essentials
  • SOC Process Framework
  • Apache Log4j Vulnerability Detection
  • Cybersecurity Maturity Model Certification (CMMC)
  • Zero Trust (TIC 3.0)
  • Security Threat Essentials
  • Maturity Model for Event Log Management M2131


SOAR and ITSM Integrations

Microsoft Sentinel provides a wide variety of playbooks and connectors for security orchestration, automation, and response (SOAR) scenarios. More details about the SOAR content catalog can be found in the official documentation. Out-of-the-box (OOTB) SOAR integrations enable automated actions for incident enrichment and management, threat intelligence (TI) management, investigation, and response scenarios such as blocking an IP/URL, disabling service accounts, requesting vulnerability scans, etc. These OOTB automation scenarios are now enabled for the following products:


New SOAR Integrations

  • OpenCTI
  • Fortinet FortiWeb
  • Abuse IPDB
  • Rapid7 Insight VM
  • AWS IAM
  • GCP Identity
  • URLHaus
  • Qualys VM
  • CheckPhish
  • Neustar GeoIP
  • Threatx
  • Elastic Search
  • Mindmeld
  • TheHive


In the IT Service Management space, we now also have the capability to bi-directionally sync incidents between ServiceNow and Microsoft Sentinel. Customers can leverage the Microsoft developed ServiceNow application that enables this capability. For more details, visit the blog that explains the integration in more detail.


Ecosystem partner integrations

Microsoft Sentinel's spectrum of integrations is further extended with partner integrations that are developed and supported by our partners, and that customers continue to leverage for increased SecOps coverage and monitoring scenarios. Some of the latest integrations allow customers to start ingesting logs and consuming OOTB security content with the following solutions:


Ecosystem Partner Integrations

  • AI Analyst Darktrace
  • Illusive Platform
  • 42 Crunch
  • Red Canary
  • Rubrik
  • Citrix Analytics
  • ExtraHop
  • Sophos Cloud
  • Watchguard
  • WireX
  • Netskope
  • SonicWall
  • Zimperium


Solutions' releases

Microsoft Sentinel Content hub solutions are now presented in batches, at periodic intervals, to members of our Cloud Security Private Community. This community gets early access to upcoming changes to our product in exchange for their feedback and insights before changes are announced to the public.


If you would like to participate in the Content Hub Solutions' Private Preview cycles, and other exciting feedback opportunities for upcoming Microsoft Sentinel features and announcements, please sign up to become a part of our Private Community by filling out our onboarding form, here.


Important: Members are required to sign a non-disclosure agreement with Microsoft. If you or your organization don't have one, we can assist you with it.


Last update: Dec 08 2022 11:06 AM