Azure Sentinel News
Microsoft announces the public preview of Watchlist feature in Azure Sentinel

By Azure Sentinel News Editor
November 13, 2020
in SIEM

Back in 2019, Microsoft announced Azure Sentinel, a native Security Information and Event Management (SIEM) tool built within Azure. It lets SecOps teams see and stop threats before they cause harm to the organization. Today Microsoft announced the public preview of the Watchlist feature in Azure Sentinel.

Azure Sentinel watchlists enable the collection of data from external data sources for correlation against the events in an Azure Sentinel environment. SecOps teams can use watchlists in search, detection rules, threat hunting and response playbooks. The new watchlist feature can be used in the following scenarios:

  • Investigate threats and respond to incidents quickly by importing IP addresses, file hashes and similar indicators from CSV files. Then use the watchlist name/value pairs for joining and filtering in analytics rules, threat hunting, workbooks, notebooks and general queries.
  • Import business data, such as a list of users with privileged system access, as a watchlist, and use it to build allow and deny lists. For example, use a watchlist of terminated employees to detect when one of them logs in to the network, or to drive a playbook that blocks the account.
  • Create allow-lists to reduce alert fatigue. For example, use a watchlist of the limited set of IP addresses that are permitted to perform a specific function (such as authorized vulnerability scanners) to suppress alerts from those addresses, so that benign events do not become alerts.
  • Enrich event data with field/value combinations derived from external data sources.
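The two detection scenarios above (a deny-list of terminated employees joined against sign-in events, and an allow-list that suppresses known scanner traffic), as an added KQL example that is not part of the original post or Microsoft's documentation. It assumes two watchlists whose aliases are hypothetical: `TerminatedEmployees`, whose SearchKey is the user principal name and whose CSV also carries a `TerminationDate` column, and `ScannerAllowList`, whose SearchKey is a source IP address. The watchlist is read with the `_GetWatchlist()` function that the preview introduced; the two queries are independent and run separately.

```kusto
// Added example, not the original post's content.
// Query 1: deny-list. Successful Azure AD sign-ins by accounts that appear in the
// (hypothetical) TerminatedEmployees watchlist, after their termination date.
let terminated = _GetWatchlist('TerminatedEmployees')
    | project UserPrincipalName = tolower(SearchKey),
              // TerminationDate is assumed to be a column in the uploaded CSV
              TerminationDate = todatetime(TerminationDate);
SigninLogs
| where TimeGenerated > ago(1d)
| where ResultType == "0"                      // successful sign-ins only
| extend UserPrincipalName = tolower(UserPrincipalName)
| join kind=inner terminated on UserPrincipalName
| where TimeGenerated > TerminationDate
| project TimeGenerated, UserPrincipalName, TerminationDate, IPAddress,
          AppDisplayName, Location
| order by TimeGenerated desc

// Query 2: allow-list. Port-scan-like denied traffic in firewall logs, with the
// authorized scanners in the (hypothetical) ScannerAllowList watchlist suppressed
// so their benign activity never becomes an alert.
let allowedScanners = _GetWatchlist('ScannerAllowList')
    | project SearchKey;
CommonSecurityLog
| where TimeGenerated > ago(1h)
| where DeviceAction =~ "deny"
| where SourceIP !in (allowedScanners)         // drop the approved scanner IPs
| summarize DistinctPorts = dcount(DestinationPort),
            DistinctTargets = dcount(DestinationIP)
          by SourceIP, bin(TimeGenerated, 5m)
| where DistinctPorts > 50
| order by DistinctPorts desc
```

Both queries are written so that they can be pasted into an analytics rule as-is: the watchlist is resolved at query time, so updating the CSV (a new leaver, a new scanner address) changes the detection without touching the rule. The `tolower()` on both sides of the join in Query 1 matters in practice, because UPNs in the HR export and in `SigninLogs` frequently differ only in case and an inner join would otherwise silently miss them.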

Reference: https://mspoweruser.com/microsoft-watchlist-azure-sentinel/

Copyright © 2020 - Azure Sentinel News