Correlating Microsoft Defender for Cloud alerts in Sentinel
Incident load is one of the major pain points of modern SOC. One of the methods used to manage alert fatigue is using grouping. In this blog post we will demonstrate a concept for correlating Microsoft Defender for Cloud alerts using Microsoft Sentinel analytics rules. This can be applied to many scenarios made possible using the new ‘Sentinel entities’ entity mapping.Microsoft Sentinel Solution for SAP® Applications - New data exfiltration detection rules
On August 2022, Microsoft Sentinel solution for SAP was made generally available (GA). Together with releasing the Microsoft Sentinel Solution for SAP® Applications, new additional OOTB content has been added. This blog covers five new data exfiltration detection rules included with the Microsoft Sentinel Solution for SAP® Applications (these rules are currently in preview).
Azure Active Directory Identity Protection user account enrichments removed: how to mitigate impact
AADIP connector no longer contains user account enrichment fields. In this post we'll offer mitigation steps you can take, to allow you to self enrich your AADIP data in your Microsoft Sentinel workspace using UEBA's IdentityInfo table.Announcing the enhanced Microsoft Sentinel AWS CloudTrail solution, powered by new MITRE-Based Rules
Use the updated Microsoft Sentinel AWS CloudTrail solution to better protect your AWS environment. The updated solution includes over 70 MITRE-based rules, and monitoring and alerting capabilities to detect suspicious activity in your environment.Anomaly detection on the SAP audit log using the Microsoft Sentinel for SAP solution
Organizations who use the Microsoft for SAP solution obtain valuable security insights from events in the SAP security audit log as it contains trail on many important activities on both standard SAP and customer enhanced events. The current Sentinel solution encapsulates a variety of out of the box detections and visualization based on the valuable information in the SAP security log. We are proud to announce that the new Microsoft Sentinel for SAP Solution is enhanced with a feature designed to detect suspicious events in the SAP security audit log based on deviation from the norm, meaning anomalies, in addition to the existing deterministic detection patterns previously included with the solution.Protect critical information within SAP systems against cyberattacks
SAP systems and applications handle massive volumes of business-critical data that is hosted on cloud or on-premises infrastructure. The SAP ecosystem is complex and difficult for security operations (SecOps) teams to effectively monitor and protect against growing threats. A breach of the SAP system could result in data loss, disruption to business processes, loss of revenue and major reputation damage. Microsoft Sentinel solution for SAP allows you to monitor, detect, and respond to suspicious activities within the SAP environment, protecting your sensitive data against sophisticated cyberattacks.Analytic rules - 'Sentinel entities' new entity type
Kusto Query Language(KQL) is a powerful tool to explore your data, helping you discover patterns, identify anomalies and outliers, create statistical modeling, and more. That being said, parsing entities from records in the Security Alert table (link) is a quite complex task that even the most experienced users in KQL will struggle with. In this blog post, we would like to introduce a new capability that will allow you to map Sentinel entities in an easy way. we will showcase this capability with an example for controlling incident load that can be applies to many other use cases.
