We are announcing new Microsoft Sentinel content hub capabilities in Public Preview that include support for standalone content, a new list view, and support for bulk (at-scale) actions such as installing, updating, and deleting multiple solutions and standalone content items in a single step. Content hub enables centralized discovery, installation, and management of 250+ solutions and 240+ standalone content items, amounting to a total of 2500+ OOTB content items, including data connectors, workbooks (reports), analytic rules (detections), hunting queries, SOAR connectors and playbooks. Microsoft Sentinel solutions are packages of Microsoft Sentinel content or API integrations that fulfill an end-to-end product, domain, or industry vertical scenario in Microsoft Sentinel. These new capabilities enable customers to easily discover, install and manage OOTB content at scale and keep up with the growth in OOTB content.
Standalone content in Content hub enables customers to discover and deploy OOTB (out-of-the-box) content that is not included in solutions. This includes standalone playbooks, analytic rules, hunting queries, and workbooks found either in the Microsoft Sentinel GitHub repository or in Microsoft Sentinel feature galleries. With this feature, customers have access to the vast number of OOTB content contributions from the Microsoft Sentinel community, ecosystem partners and Microsoft, in-product and in a single pane of glass. The bulk actions enable customers to efficiently manage OOTB content at scale in just a click in the current workspace.
Use cases for these new capabilities are as follows:
Note: These OOTB solution and standalone content updates apply to OOTB content templates, not to active or custom items cloned or created from these non-editable templates. Hence, any content customizations customers might have made are not impacted by these OOTB content updates. Individual feature galleries, such as the analytics gallery and the workbooks gallery, have mechanisms to handle updates to active or custom content depending on the respective template modifications.
After installing the content of your choice, enable and use the OOTB content with the content hub manage content experiences. Refer to the product documentation to learn more about enabling your installed OOTB content and managing it easily in content hub.
Centrally discover and deploy solutions and standalone content from the community, ecosystem partners, and Microsoft Research and product teams in Content hub for your use cases, and get complete OOTB value for your end-to-end scenarios in Microsoft Sentinel. Let us know your feedback using any of the channels listed in the Resources.
We also invite our partners to build and publish new solutions for Microsoft Sentinel. Get started now by joining the Microsoft Sentinel Threat Hunters GitHub community and following the solutions build and publish guidance.