New Blog Posts | Azure Sentinel

Microsoft



30+ New Azure Sentinel Data Connectors - Microsoft Tech Community

We are announcing over 30 new out-of-the-box data connectors for Azure Sentinel to enable data collection for leading security products and other clouds. With these new connectors, we are continuing the momentum to enable customers to easily bring data from different products into Azure Sentinel and analyze data at cloud scale.


Cloud SIEM Innovations from Azure Sentinel (microsoft.com)

Last Ignite, we shared our vision for a modernized approach to threat protection with integrated SIEM and XDR. Now, we're building upon that vision with deeper integration between Azure Sentinel and Microsoft 365 Defender, making it easier than ever to harness the breadth of SIEM alongside the depth of XDR.


Utilize Watchlists to Drive Efficiency During Azure Sentinel Investigations - Microsoft Tech Communi...

When it comes to incident management and response, time is everything. Impact and damage from a malicious actor can be weighed in minutes. Azure Sentinel strives to deliver a strong experience for users while also providing tools for investigations. Recently, a newer feature called Watchlists was released to public preview. This new feature can be utilized to speed up investigations and make them more efficient. This blog post provides examples of how Watchlists can be used, along with a worked scenario.


Visibility of Azure key vault activity in Sentinel Azure Key Vault Workbook - Microsoft Tech Communi...

The workbook allows you to visualize alerts from Azure Defender and monitor its coverage across your Sentinel workspaces. In addition, it provides security insights from the activity logs. These insights include baselines for key vault access and anomalous deviations from them, as well as event and operation analysis over time. The analysis allows you to inspect failed events, caller IPs, active users & services, as well as their operations. You can further investigate notable and suspicious entities and their activities using the direct links provided in the workbook to relevant incidents involving these entities. 


Investigating blob and file storage compromises with Azure Sentinel (microsoft.com)

This blog post will take an in-depth look at some of the log sources we used behind the scenes to connect these events. We'll also cover in more detail how to analyze blob and file storage logs. As well as looking at the log sources, we'll explore some additional hunting queries and detections that can be added to your Azure Sentinel hunting arsenal. All of the queries within this post can be found linked at the bottom.


What's new: Azure Sentinel and Microsoft 365 Defender incident integration - Microsoft Tech Community

Building on our promise for a modernized approach to threat protection with integrated SIEM and XDR, we are happy to share a deeper integration between Azure Sentinel and Microsoft 365 Defender, making it easier than ever to harness the breadth of SIEM alongside the depth of XDR.
