Public preview announcement: Defender for IOT solution for Microsoft Sentinel
We are excited to announce the public preview of our Defender for IoT solution for Microsoft Sentinel. With this solution, Microsoft Sentinel delivers the first in the industry native SOC experience for IT and OT environmentsIoT Entity Page - Enhance IoT/OT Threat Monitoring in Your SOC with Sentinel and Defender for IoT
The new IoT device entity page is designed to help your SOC investigate incidents that involve IoT/OT devices in your environment, by providing the full OT/IoT context through Microsoft Defender for IoT, our agentless IoT/OT security monitoring solution, to Sentinel. This enables SOC teams to detect and respond more quickly across all domains to the entire attack timeline.Defending Critical Infrastructure with the Microsoft Sentinel: IT/OT Threat Monitoring Solution
The Microsoft Sentinel: IT/OT Threat Monitoring with Defender for IoT Solution provides the foundation for building a SOC for monitoring IoT/ OT and includes (1) workbook for visibility/reporting, (14) analytics rules for monitoring, and (4) playbooks for response. The workbook leverages Microsoft Sentinel telemetry to create visualization to understand, analyze, and respond to IoT/OT threats. Understanding alerts over time provides unprecedented insights into security posture and where teams need to focus to harden against threats. Deep links directly to Microsoft Defender for IoT alerts empower analysts to focus on remediating threats rather than pivoting between tools.
Integrating SIEM + XDR: Azure Sentinel and Azure Defender bi-directional incident sync
Azure Sentinel and Azure Defender now share the concept of an incident. This new capability enables you to update or close Azure Defender incidents from within Azure Sentinel and complements a similar feature already available for Microsoft 365 Defender incidents and Azure Sentinel
