Azure Sentinel News

Azure Sentinel Event Grouping is in Public Preview

by Azure Sentinel News Editor
December 28, 2020
in Security and Compliance

You may have noticed today that a new Public Preview component has made its way into your Azure Sentinel console. It is quite possible that you didn't, though, because the feature is tucked away inside the Analytics Rule wizard.

When you modify an existing Scheduled-type Analytics Rule, or create a new one, there is now an extra Event Grouping option on the Rule Logic step of the wizard.

What is Event Grouping?

Event Grouping is another way to tune the noise in the system so that your security team can focus its attention where it is needed most.

With Event Grouping, you have two options:

  1. Group all events into a single alert (the default setting). With this option, the rule generates a single alert each time it runs if the query returns more results than the number you specified for the Alert Threshold.
  2. Trigger an alert for each event. With this option, the rule generates a separate alert for every result (row) returned by the rule query.

Why might you want to adjust this? Sometimes you simply want events surfaced individually, but the more common case is when you want alerts split by specific criteria. A good example is when you have identified a specific user account, hostname, or IP address that you believe has been compromised and want to track it individually in the system: if the rule query returns one row per entity, each entity gets its own alert rather than being buried inside one aggregated alert.

Current limitation: the number of alerts a rule can generate is currently capped at 20. If a rule's Event Grouping is set to Trigger an alert for each event and its query returns more than 20 events, each of the first 19 events generates its own alert, and the twentieth alert summarizes the entire set of returned events. In other words, that twentieth alert is what would have been generated under the Group all events into a single alert option. If you rely on per-event alerts, design the query (for example with summarize or top) so that it returns no more than 20 rows.
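As an added example (not part of the original post, and not Microsoft's own sample code), here is the same setting applied outside the wizard, through the Azure Sentinel REST API from PowerShell with Invoke-AzRestMethod. It creates a Scheduled rule whose query returns one row per account, sets eventGroupingSettings.aggregationKind to AlertPerResult so that every account gets its own alert, keeps the result count at the 20-alert cap, and then reads the rule back to confirm the setting persisted. The subscription, resource group, workspace, rule ID, the API version 2021-10-01, and the sign-in failure query are assumptions for illustration.

```powershell
# Added example: configure Event Grouping on a Scheduled analytics rule via the REST API.
# Requires the Az.Accounts module (Invoke-AzRestMethod) and an authenticated session (Connect-AzAccount).
# Subscription, resource group, workspace, rule ID and API version below are placeholders/assumptions.

$subscriptionId = '00000000-0000-0000-0000-000000000000'
$resourceGroup  = 'rg-sentinel'
$workspace      = 'law-sentinel'
$ruleId         = [guid]::NewGuid().Guid          # alertRules are keyed by a GUID
$apiVersion     = '2021-10-01'                    # assumed: an API version that exposes eventGroupingSettings

# One row per account: Event Grouping only helps if the query's grain matches the entity you want to track.
# 'top 20' keeps the result count at the documented 20-alert cap so no summary alert is generated.
$query = @'
SigninLogs
| where ResultType != 0
| summarize FailedCount = count(), SourceIPs = make_set(IPAddress, 10) by UserPrincipalName
| where FailedCount >= 10
| top 20 by FailedCount desc
'@

$body = @{
    kind       = 'Scheduled'
    properties = @{
        displayName         = 'Repeated sign-in failures per account (alert per account)'
        description         = 'Added example rule demonstrating Event Grouping = AlertPerResult'
        enabled             = $true
        severity            = 'Medium'
        query               = $query
        queryFrequency      = 'PT1H'
        queryPeriod         = 'PT1H'
        triggerOperator     = 'GreaterThan'   # Alert Threshold: fire when the result count is > 0
        triggerThreshold    = 0
        suppressionEnabled  = $false
        suppressionDuration = 'PT1H'
        tactics             = @('CredentialAccess')
        # 'SingleAlert' is the default (group all events into a single alert);
        # 'AlertPerResult' is "Trigger an alert for each event".
        eventGroupingSettings = @{ aggregationKind = 'AlertPerResult' }
        # Map the per-row column to an Account entity so each alert carries the account it concerns.
        entityMappings = @(
            @{
                entityType    = 'Account'
                fieldMappings = @(@{ identifier = 'FullName'; columnName = 'UserPrincipalName' })
            }
        )
    }
}

$path = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup" +
        "/providers/Microsoft.OperationalInsights/workspaces/$workspace" +
        "/providers/Microsoft.SecurityInsights/alertRules/$ruleId" +
        "?api-version=$apiVersion"

$put = Invoke-AzRestMethod -Path $path -Method PUT -Payload ($body | ConvertTo-Json -Depth 10)
if ($put.StatusCode -notin @(200, 201)) {
    throw "Rule create failed: $($put.StatusCode) $($put.Content)"
}

# Verify: read the rule back and check that the grouping setting actually persisted.
$get  = Invoke-AzRestMethod -Path $path -Method GET
$rule = $get.Content | ConvertFrom-Json
"Event Grouping for '$($rule.properties.displayName)': $($rule.properties.eventGroupingSettings.aggregationKind)"
```

The read-back at the end is the check worth keeping in any deployment script: the portal wizard and ARM templates written against an older API version silently drop eventGroupingSettings, and a rule that was meant to alert per account then falls back to the default single aggregated alert.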

And, as always…

Event Grouping is currently in public preview. This feature is provided without a service level agreement and is not recommended for production workloads. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.

Reference: https://azurecloudai.blog/2020/08/27/azure-sentinel-event-grouping-is-in-public-preview/

Copyright © 2020 - Azure Sentinel News