Common scenarios using Watchlists (with query examples)!
Watchlists in Microsoft Sentinel allow you to correlate data with events in your Microsoft Sentinel environment. Watchlists can be used for searching, detection rules, threat hunting, and in response playbooks. This blog highlights the 4 common Use-cases for watchlists then goes on to describe sample scenarios associated with each.Anomaly detection on the SAP audit log using the Microsoft Sentinel for SAP solution
Organizations who use the Microsoft for SAP solution obtain valuable security insights from events in the SAP security audit log as it contains trail on many important activities on both standard SAP and customer enhanced events. The current Sentinel solution encapsulates a variety of out of the box detections and visualization based on the valuable information in the SAP security log. We are proud to announce that the new Microsoft Sentinel for SAP Solution is enhanced with a feature designed to detect suspicious events in the SAP security audit log based on deviation from the norm, meaning anomalies, in addition to the existing deterministic detection patterns previously included with the solution.Announcing the enhanced Microsoft Sentinel AWS CloudTrail solution, powered by new MITRE-Based Rules
Use the updated Microsoft Sentinel AWS CloudTrail solution to better protect your AWS environment. The updated solution includes over 70 MITRE-based rules, and monitoring and alerting capabilities to detect suspicious activity in your environment.Microsoft Sentinel Solution for SAP® Applications - New data exfiltration detection rules
On August 2022, Microsoft Sentinel solution for SAP was made generally available (GA). Together with releasing the Microsoft Sentinel Solution for SAP® Applications, new additional OOTB content has been added. This blog covers five new data exfiltration detection rules included with the Microsoft Sentinel Solution for SAP® Applications (these rules are currently in preview).
Azure Active Directory Identity Protection user account enrichments removed: how to mitigate impact
AADIP connector no longer contains user account enrichment fields. In this post we'll offer mitigation steps you can take, to allow you to self enrich your AADIP data in your Microsoft Sentinel workspace using UEBA's IdentityInfo table.Correlating Microsoft Defender for Cloud alerts in Sentinel
Incident load is one of the major pain points of modern SOC. One of the methods used to manage alert fatigue is using grouping. In this blog post we will demonstrate a concept for correlating Microsoft Defender for Cloud alerts using Microsoft Sentinel analytics rules. This can be applied to many scenarios made possible using the new ‘Sentinel entities’ entity mapping.Protect critical information within SAP systems against cyberattacks
SAP systems and applications handle massive volumes of business-critical data that is hosted on cloud or on-premises infrastructure. The SAP ecosystem is complex and difficult for security operations (SecOps) teams to effectively monitor and protect against growing threats. A breach of the SAP system could result in data loss, disruption to business processes, loss of revenue and major reputation damage. Microsoft Sentinel solution for SAP allows you to monitor, detect, and respond to suspicious activities within the SAP environment, protecting your sensitive data against sophisticated cyberattacks.
