Azure Sentinel Sigma & SOC Prime Integration (Part 3): Deploy to multiple workspaces and tenants

by Azure Sentinel News Editor
December 4, 2020
in SOC

If you’re an investigator who wants to be proactive about looking for security threats, Azure Sentinel provides powerful hunting search and query tools to hunt for security threats across your organization’s data sources. But your systems and security appliances generate mountains of data that can be difficult to parse and filter into meaningful events.

In the third installment of this blog series we focus on the new enhancements to this integration that provide additional flexibility and advance your threat hunting efforts. In Part 1, we covered the steps to convert Sigma rules to Azure Sentinel using SOC Prime’s Uncoder.io tool. In the second installment, we focused on advancing your security analytics with SOC Prime’s extensive threat detection marketplace.

In this blog we’re thrilled to announce new enhancements to the integration between Azure Sentinel and SOC Prime, which aim to help organizations improve their security awareness and reduce implementation time.

Azure Sentinel | SOC Prime Multi-Tenancy

SOC Prime’s intuitive platform enables you to filter and consume rules for your desired platform, in our case Azure Sentinel rules or queries. In the second installment, we provided details on consuming rules into your Azure Sentinel instance and the steps to configure the Azure Sentinel API. We are happy to announce the multi-tenancy hook between Azure Sentinel and SOC Prime: your security team can now consume rules and queries for more than one tenant.

To add another Azure Sentinel tenant, press the ‘Microsoft Azure Sentinel API Configuration’ button. You can add a new configuration, or edit or delete an existing one, for example to keep separate test and production environments.

[Animation: Multitenancy.gif]

Deploy Hunting Queries from TDM to Azure Sentinel

It’s a no-brainer that there is a call for a proactive threat hunting approach. The integration has now been enhanced to enable your security team to consume hunting queries right into Azure Sentinel. Now you can simply use the “Deploy In My Sentinel” button in your TDM account to deploy queries into your saved Hunting queries.

[Animation: hunting (1).gif]

Putting it all together – View & Edit in Azure Sentinel

After you receive the success message from SOC Prime, the query is deployed in your Azure Sentinel instance. The rule will be available under the ‘Hunting’ tab in the list of saved queries. In Azure Sentinel, you can view and edit the rule and thoroughly understand the use case and the MITRE ATT&CK tactics or techniques it correlates to. Additionally, your security team will be able to proactively look for new anomalies that weren’t detected by your security apps and ask the right questions to find issues in the data you already have on your network.

[Image: View&Edit.png]
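What the “Deploy In My Sentinel” button does behind the scenes is write a saved search into each target Log Analytics workspace. The following PowerShell script is an added example, not code from this post, SOC Prime, or Microsoft, that reproduces the same outcome for a test and a production workspace living in two different tenants, so you can see what ends up on the Hunting tab. It assumes the Az.Accounts and Az.OperationalInsights modules are installed, that the signed-in account has write access to every workspace, and that the tenant, subscription, resource group and workspace names are your own; the values below are constructed placeholders. The KQL query is also constructed, and the `description`/`tactics` tag keys follow the convention used by Azure Sentinel’s hunting query templates, so check the result in the portal’s Hunting blade after the first run.

```powershell
# Added example (not from the original post, SOC Prime, or Microsoft):
# deploy one hunting query to several Azure Sentinel workspaces that
# live in different tenants, the way the TDM "Deploy In My Sentinel"
# button does for each configured tenant. Needs Az.Accounts and
# Az.OperationalInsights.

# Constructed target list; all IDs and names are placeholders.
$targets = @(
    @{ Tenant = '00000000-0000-0000-0000-00000000AAAA'
       Subscription = '00000000-0000-0000-0000-00000000BBBB'
       ResourceGroup = 'rg-sentinel-test'; Workspace = 'law-sentinel-test' }
    @{ Tenant = '00000000-0000-0000-0000-00000000CCCC'
       Subscription = '00000000-0000-0000-0000-00000000DDDD'
       ResourceGroup = 'rg-sentinel-prod'; Workspace = 'law-sentinel-prod' }
)

# Constructed hunting query (the shape a converted Sigma rule typically has):
# bursts of failed Azure AD sign-ins from a single source IP.
$displayName = 'Hunt - Many failed sign-ins from a single IP'
$kql = @'
SigninLogs
| where TimeGenerated > ago(7d)
| where ResultType != 0
| summarize Failures = count(), Accounts = dcount(UserPrincipalName)
    by IPAddress, bin(TimeGenerated, 10m)
| where Failures > 50
| order by Failures desc
'@

# A fixed saved-search ID (constructed) so re-running the script updates the
# existing query in each workspace instead of creating duplicates.
$savedSearchId = 'hunt-failed-signins-single-ip-example'

# Sentinel lists saved searches with Category 'Hunting Queries' on the
# Hunting tab; description/tactics tags feed the use-case text and the
# MITRE ATT&CK tactic column shown when you view or edit the query.
$tags = @{
    description = 'Constructed example: bursts of failed sign-ins from one source IP'
    tactics     = 'CredentialAccess'
}

foreach ($t in $targets) {
    # Each tenant needs its own sign-in; the same identity must be authorised
    # (for example Log Analytics Contributor) on every target workspace.
    Connect-AzAccount -Tenant $t.Tenant -Subscription $t.Subscription | Out-Null

    $saved = New-AzOperationalInsightsSavedSearch `
        -ResourceGroupName $t.ResourceGroup `
        -WorkspaceName     $t.Workspace `
        -SavedSearchId     $savedSearchId `
        -DisplayName       $displayName `
        -Category          'Hunting Queries' `
        -Query             $kql `
        -Tag               $tags `
        -Force

    # Report per workspace so a failure in one tenant is visible, not silent.
    "{0}/{1}: deployed '{2}' (id {3})" -f $t.Tenant, $t.Workspace,
        $saved.Properties.DisplayName, $savedSearchId
}
```

Run it from a shell where the Az modules are loaded; each `Connect-AzAccount` call prompts interactively for that tenant. The loop deliberately signs in per tenant rather than switching subscriptions in one context, because a multi-tenant deployment fails fast at the authentication step if the account has no access in a tenant, which is also the point at which you want to notice a misconfigured test versus production environment.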

Reference: https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-sigma-amp-soc-prime-integration-part-3-deploy-to/ba-p/1333674

Tags: Azure Sentinel, SIEM, Threat hunting
Copyright © 2020 - Azure Sentinel News