Feb 22 2019 02:50 PM - edited Oct 08 2021 02:20 PM
Now that we have announced Azure Sentinel, we'd like to invite you to speak directly to our engineering team. We believe that the best way to improve our products is by having no barrier between you and the people that create them. That's why we need your participation in our community.
As part of our community you can influence our products and get early access to changes by participating in private previews, giving feedback, requesting features, reviewing product roadmaps, joining conference call discussions, or attending in-person events. To try out Azure Sentinel, log into your Azure Portal and then click here to join the preview.
Join Us
To join our community, click here, and then click the join button and the heart icon for Azure Sentinel, as pictured below.
Stay Updated via our Blog
To keep up-to-date on all our major announcements, please visit our blog at https://aka.ms/AzureSentinelBlog.
Check Out our GitHub Repository
We have queries, detections, playbooks, and more on our GitHub repository at https://aka.ms/AzureSentinel/GitHub and we'll be investing significant efforts developing this content. We welcome contributions and hope you benefit from the shared expertise of our entire community.
Additional Security Groups
Here's a list of other security-related groups you may want to join.
Enterprise Mobility + Security
Security, Privacy & Compliance
Windows Defender Advanced Threat Protection
Find us on LinkedIn
We have a general discussion group on LinkedIn called the Microsoft Security Community, where I announce highlights from this site. Please join the group and feel free to connect with me.
Webinars and Private Preview Calls
We hold regular webinars and calls where we provide technical training, preview forthcoming features, gather feedback, and host discussions. Many of these allow you to join private previews. Meeting invitations for the calls are posted here in this group, so please check back regularly. Our latest Azure Sentinel webinar can be found at https://aka.ms/AzureSentinelWebinar.
We hope to hear from you soon!
Feb 28 2019 07:03 PM
Started playing with this today... looking very promising indeed ;)
Mar 01 2019 06:27 AM
Enabled this in our tenant today, can't wait to start exploring!
Mar 04 2019 04:29 AM
Enabled in our Test Azure Tenant, looks fine, but I'm missing the possibility to get to the specific Events for more Details from the Dashboard. Hope it will be added in the future.
Mar 04 2019 10:24 AM
Mar 07 2019 04:44 AM
Mar 15 2019 11:47 AM
@Chris Shalda We'll have a specific User Voice channel for Azure Sentinel soon. Please stay tuned.
Mar 18 2019 10:30 AM
@Ryan Heffernan Preview not working for us. The setup process wants to create a 'Resource Group'. This is not allowed to us because it costs money without the ability to limit the spending.
Mar 27 2019 04:57 AM
Mar 28 2019 08:09 AM
Mar 28 2019 08:32 AM
I might be wrong, but I think the cost comes from your ALA (Azure Log Analytics) tier. My dev subscription currently has 18m events in Sentinel and we have not seen any increased cost so far.
Mar 28 2019 08:57 AM
I read online (see post) that they haven't decided on pricing yet, which is why I was asking. @Deleted
https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/
Mar 28 2019 11:43 AM
Interesting! I did not think it was going to be separate from the current ALA tier. Good to know for the future.
Mar 28 2019 04:41 PM - edited May 07 2019 11:00 AM
Solution
Please continue providing feedback here on the Azure Sentinel Communities. If you're specifically asking for a feature request on a product, go here:
https://feedback.azure.com/forums/920458-azure-sentinel
Referencing Ryan's Community post: https://techcommunity.microsoft.com/t5/Azure-Advanced-Threat-Protection/Join-Our-Security-Community/...
"
We want you to speak directly to our engineering teams. We believe that the best way to improve our security products is by having no barriers between you and the people that create them. That's why we need your participation in our security community.
As part of our community you can influence our products and get early access to changes by participating in private previews, giving feedback, requesting features, reviewing product roadmaps, joining webinars and calls, or attending in-person events.
Join Us
To join our community, click here, and then click the join button and the heart icons of the groups you are interested in, as pictured below.
"
Jun 19 2019 11:30 PM
Jun 20 2019 06:16 AM
I believe this comes down to where you're needing the data. The OMS agent can be multihomed:
https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/
This allows you to send data to multiple different workspaces. Be aware you'll be charged twice for the data.
If you're wanting to take advantage of the services you're already paying for, you should have something like this. I'm going to be using Azure Security Center as an example.
Server -> MMA/OMS Agent -> Azure Security Center -> Azure Sentinel
This way you'll still have all the data within Azure Security Center's Workspace, and you'll get security-related alerts ingested into Azure Sentinel.
You can take another approach as to having Azure Sentinel and Azure Security Center together by using the same workspace.
Server -> MMA/OMS Agent -> Workspace(Azure Security Center/Azure Sentinel)
You'll see a lot more raw events this way and get Azure Security Center benefits within the same workspace, but you're still able to use the investigation/alerts/automation with Azure Sentinel with the additional information.
Hope this helped answer your question.