Stay ahead of threats with new innovations from Azure Sentinel

by Azure Sentinel News Editor, November 26, 2020, in Threat Intelligence

Azure Sentinel became generally available almost exactly a year ago, in the weeks leading up to Microsoft Ignite 2019. The world has changed dramatically since then, but our dedicated team of security researchers and engineers has kept its focus on the goal of empowering defenders to combat rapidly evolving threats with greater efficiency.

With COVID-19 driving cloud adoption and remote work, security operations teams are tasked with securing an increasingly distributed estate, and with budgets tightening because of macroeconomic concerns, managing costs has become even more imperative.

So, while this Microsoft Ignite 2020 will be a bit different, and I will miss connecting with many of you in person, I think you will find that our mission has remained steadfast and the lineup of new features launching this year will be as impactful as ever.

UEBA + Entity Profiles:

Azure Sentinel is launching User and Entity Behavior Analytics (UEBA), powered by Microsoft’s proven UEBA platform, to help detect unknown and insider threats. It works by building a comprehensive profile of each entity across time and peer-group horizons, identifying anomalous activity and adding behavioral insights for threat hunting and detection. Unlike other UEBA solutions, onboarding data sources for behavioral analysis takes just minutes. A UEBA workbook provides an interactive dashboard for investigating suspect users, and built-in queries and analytics rules use behavioral insights and anomalies for threat hunting and detection.

New entity profiles provide a unified view of a user or host, including insights from UEBA, with additional entity types coming soon. Analysts can open an entity profile with a simple text search (by entity name or another identifier), or by clicking on an entity while hunting or investigating an incident. The profile includes contextual information, a timeline of activities and alerts across the most relevant data sources, and insights to inform decision making.

Threat Intelligence

The ability to monitor and respond to changing threats is critical to the success of any security operations team. Tracking and applying intelligence from multiple sources is much easier with the introduction of a new threat intelligence experience in Azure Sentinel. From the new blade, security analysts can view, filter, tag and search indicators imported from threat intelligence providers, as well as add new indicators discovered while hunting and investigating threats in Azure Sentinel. As before, indicators can be automatically matched against your security data to find threats targeting your organization and to provide insights into the prevalence and source of attacks, which can be used to prioritize your response.

In addition to support for data collection via TAXII, new integration and automation options enable customers to import threat intelligence from additional sources and automate enrichment of security incidents. These include:

  • Recorded Future has developed a connector for Azure Logic Apps and playbooks to automate importing indicators and enriching incidents in Azure Sentinel with data from its security intelligence platform. Similarly, an Azure Logic Apps connector and playbooks from RiskIQ enable customers to automatically enrich incidents in Azure Sentinel with data from the RiskIQ Internet Intelligence Graph.
  • ThreatConnect, ThreatQuotient and EclecticIQ have joined the list of leading third-party providers that can send indicator feeds directly to Azure Sentinel using the built-in Threat Intelligence Platforms connector.
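The indicator matching described above is done in KQL by joining the ThreatIntelligenceIndicator table against a security data table. The query below is an added example, not code from the original post or from Microsoft; it follows the shape of the built-in "TI map" analytics rules, matching active, unexpired IP indicators against source IPs in CommonSecurityLog. The table and column names are the real Azure Sentinel schema; the look-back windows and the choice of CommonSecurityLog are assumptions.

```kql
// Added example: match active TI IP indicators against firewall/CEF events.
let dt_lookBack = 1h;      // assumption: scan the last hour of security events
let ioc_lookBack = 14d;    // assumption: consider indicators ingested in the last 14 days
let ip_indicators = ThreatIntelligenceIndicator
    | where TimeGenerated >= ago(ioc_lookBack) and ExpirationDateTime > now()
    // an indicator can be re-ingested with updates; keep only its latest version
    | summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId
    | where Active == true
    | where isnotempty(NetworkIP) or isnotempty(NetworkSourceIP) or isnotempty(NetworkDestinationIP)
    // normalise the three possible IP fields into one column to join on
    | extend TI_ipEntity = coalesce(NetworkIP, NetworkSourceIP, NetworkDestinationIP)
    | project TI_ipEntity, IndicatorId, ConfidenceScore, ThreatType, Description, ExpirationDateTime;
ip_indicators
| join kind=innerunique (
    CommonSecurityLog
    | where TimeGenerated >= ago(dt_lookBack)
    | where isnotempty(SourceIP)
    | project CSL_TimeGenerated = TimeGenerated, SourceIP, DestinationIP, DestinationPort,
              DeviceVendor, DeviceProduct, DeviceAction
) on $left.TI_ipEntity == $right.SourceIP
// ignore events that occurred after the indicator expired
| where CSL_TimeGenerated < ExpirationDateTime
| summarize Hits = count(), FirstSeen = min(CSL_TimeGenerated), LastSeen = max(CSL_TimeGenerated)
    by TI_ipEntity, IndicatorId, ConfidenceScore, ThreatType, Description,
       DestinationIP, DeviceVendor, DeviceProduct, DeviceAction
| order by ConfidenceScore desc, Hits desc
```

Deduplicating by IndicatorId before the join matters: feeds re-send indicators with updated confidence or expiry, and without the arg_max step every historical copy would produce a separate hit. Summarizing by indicator and destination keeps the result at one row per matched pair, which is what an analytics rule would turn into an incident.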

Watchlists

Analysts often need the ability to correlate security events and insights with other, non-security data sources, such as lists of critical assets, trusted systems, or terminated employees. This is often done through time-consuming, manual analysis of external data sources. Within the next few weeks, customers will be able to easily import collections of data from external sources as a watchlist in Azure Sentinel. Watchlists can then be used in analytics rules, threat hunting, workbooks, notebooks and within any query as allow/deny lists, contextual clues, and more. Watchlists currently support CSV file uploads, with more options and updates coming soon.
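The allow/deny-list use of watchlists mentioned above looks like this in a query. This is an added example, not code from the original post or from Microsoft: it reads two hypothetical watchlists, "ServiceAccounts" (an allow list) and "TerminatedEmployees" (a deny list, with an assumed TerminationDate column in the uploaded CSV), and flags successful sign-ins by terminated users. _GetWatchlist() and the SearchKey column are real Azure Sentinel constructs; the watchlist names and their columns are assumptions.

```kql
// Added example: watchlists as allow and deny lists over SigninLogs.
// Assumed watchlists: 'TerminatedEmployees' (SearchKey = UPN, column TerminationDate)
// and 'ServiceAccounts' (SearchKey = UPN).
let terminated = _GetWatchlist('TerminatedEmployees')
    | project UserPrincipalName = tolower(tostring(SearchKey)),
              TerminationDate = todatetime(TerminationDate);
let service_accounts = _GetWatchlist('ServiceAccounts')
    | project UserPrincipalName = tolower(tostring(SearchKey));
SigninLogs
| where TimeGenerated >= ago(1d)
| where ResultType == "0"                          // successful sign-ins only
| extend UserPrincipalName = tolower(UserPrincipalName)
// allow list: identities deliberately tracked in the watchlist are excluded
| where UserPrincipalName !in (service_accounts)
// deny list: any sign-in by a terminated user after their termination date
| join kind=inner terminated on UserPrincipalName
| where TimeGenerated > TerminationDate
| project TimeGenerated, UserPrincipalName, TerminationDate,
          AppDisplayName, IPAddress, Location, UserAgent
| order by TimeGenerated desc
```

Lower-casing both sides before the join avoids silent misses caused by case differences between the CSV and the sign-in log. The same two let-bound tables can be reused unchanged in an analytics rule, a workbook, or a notebook, which is the point of keeping the reference data in a watchlist rather than hard-coding it into each query.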

Enterprise-Wide Data Collection

To simplify the process of collecting data at scale from your users, devices, apps, and infrastructure, both on-premises and in the cloud, Azure Sentinel is continuing to deliver new connectors for Microsoft 365 and Azure, as well as for other clouds and data collection pipelines. Here are the latest additions:

  • Microsoft 365: The Office 365 connector has been extended to support Microsoft Teams activity logs in addition to SharePoint and Exchange. We’ve released an integration. And, in the coming weeks a connector will add support for raw log data from Microsoft Defender for Endpoint.
  • Azure: Additional visibility into Azure networking data is available through new connectors for Azure Firewall, Azure WAF, and Azure DDoS.
  • Security Products: A growing ecosystem of data connectors powers integration with third-party services. In addition to the dozen-plus connectors released this summer, connectors are now available for CyberArk, Citrix WAF (formerly NetScaler WAF), ForgeRock, and Beyond Security.
  • Logstash: A new plug-in enables you to use Azure Sentinel as the output for Logstash, an open source data processing pipeline.

In addition, a new schema, based on the Open Source Security Events Metadata project, provides a common information model for networking data as well as guidelines for normalizing various entities. Customers can write parsers to align networking data from disparate sources for easier analysis and correlation.

Machine Learning

Azure Sentinel makes extensive use of machine learning to fuel built-in analytics, developed by Microsoft security experts and informed by decades of protecting Microsoft services at massive scale. We are continuously developing and refining machine learning models to extend coverage across the MITRE ATT&CK kill chain and address evolving threats. At Microsoft Ignite, we are adding new capabilities that leverage machine learning to fuse together alerts and events from multiple sources into high-severity incidents.

In addition, we are enabling security analysts and data scientists to leverage machine learning to power custom threat hunting and detections in two new ways:

  • Notebooks + Azure Machine Learning: Notebooks in Azure Sentinel are now running on the Azure Machine Learning service, providing a highly customizable Jupyter notebook experience for analyzing your security data, all within a secure Azure cloud environment. Azure Machine Learning offers IntelliSense for improved ease of use, support for existing Jupyter and JupyterLab experiences, as well as point-in-time notebook snapshots and a notebook file explorer for easy notebook collaboration. Dedicated compute and multiple pricing options provide increased flexibility and control. Built-in security analytics via MSTICPy and Jupyter notebook templates help you get started.
  • Build-Your-Own Machine Learning: A new machine learning framework, including data pipelines, tools, and templates, helps you accelerate development of ML models for your unique use cases, leveraging Microsoft’s shared ML algorithms and best practices. Integration with familiar development environments, tools, and programming languages, like Azure Databricks, Spark, Jupyter Notebooks and Python, reduces the learning curve and development time. The framework makes use of new auto-export capabilities to stream data from your Azure Sentinel workspace to Blob storage or an Event Hub for use in Azure Databricks. You can then use the notebooks included in the ML package to start building your models, score the results and write them back to Azure Sentinel.

IoT/OT

The recent Microsoft acquisition of CyberX opens up exciting new opportunities for organizations to gain security insights into OT networks and devices. Insights from CyberX will be integrated with Azure Defender for IoT and available in October through the existing data connector in Azure Sentinel. This will enable security analysts to detect and defend against attacks that span IT and IoT/OT networks. In addition, sample automation playbooks enable swift action to triage and remediate threats targeting OT environments from within Azure Sentinel.

Community

The Azure Sentinel Threat Hunters community on GitHub continues to grow, with over 650 contributions; see the leaderboard for a list of top contributors. The Azure Sentinel Hackathon concluded recently with some awesome cybersecurity solutions. Check out the winning app in the Microsoft Ignite 2020 "Architecting SecOps for Success" session.

Reference: https://techcommunity.microsoft.com/t5/azure-sentinel/stay-ahead-of-threats-with-new-innovations-from-azure-sentinel/ba-p/1693166

Copyright © 2020 - Azure Sentinel News