What’s New: Microsoft Sentinel | June 2023



Microsoft Sentinel: What’s new

 

1- Classic alert automation due for deprecation

Automated responses to alerts, in the form of playbooks, can be run in one of two ways:

  • Classic: adding the playbook to the list under Alert automation (classic) in the Automated response tab of the analytic rule that produced the alert.

  • Automation rule: creating an automation rule that runs in response to the creation of alerts and, in turn, runs the playbook. This method has several advantages, as described here.

As of June 2023, you can no longer add playbooks to be run using the Classic method; rather, you must use automation rules.

Playbooks in the existing Classic lists will continue to run until this method's scheduled deprecation in March 2026.

We strongly encourage you to migrate any remaining playbooks in your Classic lists to run from automation rules instead. Learn how to migrate playbooks to automation rules.

 

2- Microsoft Sentinel solution for SAP® applications: new systemconfig.json file

The Microsoft Sentinel solution for SAP® applications uses the new systemconfig.json file in agent versions deployed on June 22 and later. For previous agent versions, you must still use the systemconfig.ini file.
