Join Our Azure Sentinel Community

Ryan Heffernan · ‎Feb 22 2019

Now that we have announced Azure Sentinel, we'd like to invite you to speak directly to our engineering team. We believe that the best way to improve our products is by having no barrier between you and the people that create them. That's why we need your participation in our community.

As part of our community you can influence our products and get early access to changes by participating in private previews, giving feedback, requesting features, reviewing product roadmaps, joining conference call discussions, or attending in-person events. To try out Azure Sentinel, log into your Azure Portal and then click here to join the preview.

Join Us

To join our community, click here, and then click the join button and the heart icon for Azure Sentinel, as pictured below.

Stay Updated via our Blog

To keep up-to-date on all our major announcements, please visit our blog at https://aka.ms/AzureSentinelBlog.

Check Out our GitHub Repository

We have queries, detections, playbooks, and more on our GitHub repository at https://aka.ms/AzureSentinel/GitHub and we'll be investing significant efforts developing this content. We welcome contributions and hope you benefit from the shared expertise of our entire community.

Additional Security Groups

Here's a list of other security-related groups you may want to join.

Azure

Enterprise Mobility + Security

Microsoft Graph Security API

Security, Privacy & Compliance.

Windows Defender Advanced Threat Protection

Find us on LinkedIn

We have a general discussion group on LinkedIn called the Microsoft Security Community, where I announce highlights from this site. Please join the group and feel free to connect with me.

Webinars and Private Preview Calls

We hold regular webinars and calls where we provide technical training, preview forthcoming features, gather feedback, and host discussions. Many of these allow you to join private previews. Meeting invitations for the calls are posted here in this group, so please check back regularly. Our latest Azure Sentinel webinar can be found at https://aka.ms/AzureSentinelWebinar.

We hope to hear from you soon!

paulash · ‎Feb 28 2019

Started playing with this today... looking very promising indeed ;)

Ryan Heffernan · ‎Mar 01 2019

Enabled this in our tenant today, can't wait to start exploring!

Sankarasubramanian Parameswaran · ‎Mar 01 2019

how we can enable in our tenant

Peter_Beckendorf · ‎Mar 04 2019

Enabled in out Test Azure Tenant, looks fine, but I'm missing the possibility to get to the specific Events for more Details from the Dashboard. Hope it will be added in the future.

Ryan Heffernan · ‎Mar 04 2019

Click the link above at the end of the second paragraph to join the public preview.

Chris Shalda · ‎Mar 07 2019

FYI, there is not a specific topic group on the referenced User Voice for Azure Sentinel. I would suspect this would be desired, not sure how to make that happen besides me posting a feedback item under the general topic group (which I have already done).

Ryan Heffernan · ‎Mar 15 2019

@Chris Shalda We'll have a specific User Voice channel for Azure Sentinel soon. Please stay tuned.

Robert K · ‎Mar 18 2019

@Ryan Heffernan Preview not working for us. The setup process wants to create a 'Resource Group'. This is not allowed to us because it costs money without the ability to limit the spending.

David Caddick · ‎Mar 27 2019

Can you please let me know the best place to provide feedback and discuss issues for the Sentinel SIEM please? is that here or in Yammer?

David Delorge · ‎Mar 28 2019

When will the cost be announced for sentinel?

David Delorge · ‎Mar 28 2019

@David Delorge

I might be wrong, but I think the cost comes from your ALA (Azure Log Analytics) tier. My dev subscription currently has 18m events in Sentinel and we have not seen any increased cost so far.

David Delorge · ‎Mar 28 2019

I read online (see post) that they haven't decided on pricing yet, which is why I was asking. @Deleted

https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/

David Delorge · ‎Mar 28 2019

@David Delorge

interesting! i did not think it was going to be separate from the current ALA tier. good to know for the future.

Chris Boehm · ‎Mar 28 2019

@David Caddick

Please continue providing feedback here on the Azure Sentinel Communities, if you're specifically asking for a feature request on a product go here.

https://feedback.azure.com/forums/920458-azure-sentinel

referencing Ryan's Community post : https://techcommunity.microsoft.com/t5/Azure-Advanced-Threat-Protection/Join-Our-Security-Community/...

"

We want you to speak directly to our engineering teams. We believe that the best way to improve our security products is by having no barriers between you and the people that create them. That's why we need your participation in our security community.

As part of our community you can influence our products and get early access to changes by participating in private previews, giving feedback, requesting features, reviewing product roadmaps, joining webinars and calls, or attending in-person events.

Join Us

To join our community, click here, and then click the join button and the heart icons of the groups your are interested in, as pictured below.

"

Elliot_hylton_07 · ‎May 07 2019

interesting

Nirmal Jose · ‎May 17 2019

Certainly interested into it.

AndrewX · ‎Jun 19 2019

Thanks for these excellent tooling. We enable and integrated with AAD, O365, Security Center day we heard about it and very cool so far.. I am still a bit muddy though on how my existing non-azure oms agent hosts that currently send data to an existing log analytics workspace, and how the agents gets data to ATP, Security Centre send data to Sentinel. What's the best practice for agent install on hosts to get data to all the security portals?

Sankarasubramanian Parameswaran · ‎Jun 20 2019

how we cam enable azure senitel

Chris Boehm · ‎Jun 20 2019

@AndrewX

I believe this comes down to where you're needing the data, the OMS agent can be multihomed

https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/

This allows you to send data to multiple different workspaces. Be aware you'll be charged twice for the data.

If you're wanting to take advantage of the services you're already paying for you should have something like this, I'm going to be using Azure Security Center as an example.

Server -> MMA/OMS Agent--> Azure Security Center --> Azure Sentinel

This way you'll still have all the data within Azure Security Center's Workspace, you'll get security related alerts ingested into Azure Sentinel.

You can take another approach as to having Azure Sentinel and Azure Security Center together by using the same workspace.

Server -> MMA/OMS Agent -> Workspace(Azure Security Center/Azure Sentinel)

You'll see a lot more raw events this way, get Azure Security Center benefits within the same workspace, but still able to use the investigation/alerts/automation with Azure Sentinel with the additional information.

Hope this helped answer your question

Join Our Azure Sentinel Community

Join Our Azure Sentinel Community

Re: Join Our Azure Sentinel Community

Re: Join Our Azure Sentinel Community

Re: Join Our Azure Sentinel Community

Re: Join Our Azure Sentinel Community

Re: Join Our Azure Sentinel Community

Re: Join Our Azure Sentinel Community

Re: Join Our Azure Sentinel Community

Re: Join Our Azure Sentinel Community

Re: Join Our Azure Sentinel Community

RE: Join Our Azure Sentinel Community

Re: RE: Join Our Azure Sentinel Community

Re: RE: Join Our Azure Sentinel Community

Re: RE: Join Our Azure Sentinel Community

Re: Join Our Azure Sentinel Community

RE: Join Our Azure Sentinel Community

RE: Join Our Azure Sentinel Community

Re: Join Our Azure Sentinel Community

Re: Join Our Azure Sentinel Community

Re: Join Our Azure Sentinel Community

Products (52)

Special Topics (28)

Video Hub (447)

Most Active Hubs

Most Active Hubs

Video Hub

Join Our Azure Sentinel Community