Azure Sentinel News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
Azure Sentinel News
No Result
View All Result
Home Threat Intelligence

Threat Intelligence menu item in Public Preview!

Azure Sentinel News Editor by Azure Sentinel News Editor
November 26, 2020
in Threat Intelligence
0
Microsoft’s Azure Defender for IoT Uses CyberX Tech
3.8kViews
225 Shares Share on Facebook Share on Twitter

This installment is part of a broader series to keep you up to date with the latest features in Azure Sentinel. The installments will be bite-sized to enable you to easily digest the new content.

Threat intelligence indicators represent data describing known existing or potential threats to systems and users. Threat intelligence addresses many of the challenges Security Operation Centers (SOCs) are faced with today; as a result, successful SOCs are leveraging threat intelligence to improve efficiency in their threat detection, investigation, and response. Here is an example use case of how SOCs use threat intelligence to protect their organizations’ environment. Threat intelligence data provides alert enrichment with additional valuable context such as Severity information, associated Threat Types, and Confidence scores. With such critical information, SOC analysts can make faster and more data-backed decisions in alert validation and prioritization, which helps expedite the incident triage, reduce false positives, and improve the incident analysis.

If your organization works with threat intelligence indicators, having a centralized location to efficiently manage your threat intelligence data is crucial to the success of your threat intelligence research and integration experience. To address this need, we are delighted to announce that the threat intelligence menu item is now available in the Azure Sentinel portal! The menu item serves as a single pane of glass for your SOC personnel to view, create, edit, search, sort, and filter your threat intelligence data.

How to enable and use the new threat intelligence menu item

In your Azure Sentinel portal, navigate to the Threat Management menu, and select Threat Intelligence (Preview). Below are examples of some of the capabilities you can leverage the threat intelligence menu item today.

View indicators

The threat intelligence menu item enables you to conveniently view and access both your custom threat intelligence indicators that you have already created via the User Interface and imported threat intelligence data from external data sources without writing Log Analytics query.

View indicators

Add and delete a new indicator

Previously, to send threat intelligence data into your Azure Sentinel workspace, you would need to utilize the Threat Intelligence Platform (TIP) and TAXII Server data connectors. All your threat intelligence data are stored in the ThreatIntelligenceIndicator table in your Azure Sentinel workspace.

With the new threat intelligence menu item, you can now also create your own custom threat intelligence indicators directly on the Azure Sentinel User Interface. This can be done easily using the “Add new” button on the hero banner of the threat intelligence menu item. 

Deleting an indicator is just as easy as one click using the “Delete” button on the same User Interface.

Add and delete an indicator

Tag an indicator

Tagging is used to categorize and group threat indicators together. Here is an actual example of how you can use tagging. Suppose you are investigating a potential attack and find that the indicator is part of that particular incident, then you can add the incident ID in your desired nomenclature, for example, IncidentID : 1234 to the indicator in Tags. You can later go back to search for all the indicators associated with the incident using the same tag.

Tag an indicator

Edit an indicator

If an indicator is created on the Azure Sentinel User Interface using the “Add new” button, it can be edited at any point in time. To distinguish indicators based on where they are imported from, you can use the Source column on the threat intelligence menu item.

If a threat indicator has the Source column as SecurityGraph then it is imported using the threat intelligence – Platforms data connector.

If the Source column is Azure Sentinel then the indicator is created on the Sentinel User Interface using the “Add new” button on the threat intelligence menu item.

If the Source column is the friendly name of TAXII Server that you have connected via Sentinel, then it is imported using the threat intelligence – TAXII data connector.

Only indicators that have Source as Azure Sentinel can be edited due to security reasons.

Search, Sort, and Filter indicators

With the new threat intelligence menu item, you can easily search for your specific indicators by their Name, Tags, Values, and Description.

The menu item also enables you to sort the indicators by different columns. Currently you can sort them by Name, Source, and Confidence field.

Additionally, filtering indicators can also be done on the Azure Sentinel User Interface by Type, Source, Confidence, Valid Until, and Threat Type.

Search, sort, filter indicators

Guides and feedback

The “Guides & Feedback” panel provides guidance on how to maximize the use of the threat intelligence. It also gives you the opportunity to share your ideas and experience with our core engineering team and vote/add your ideas on the Azure Sentinel user voice platform.

These are just a few highlights of the threat intelligence menu item. For a full list of the functionalities and the step-by-step instruction on how to use a certain feature on there, please refer to the documentation.

Get started today!

We encourage you to use the new threat intelligence menu item to improve efficiency in managing your threat intelligence data in your environment.

Try it out, and let us know what you think!

You can also contribute new connectors, workbooks, analytics and more in Azure Sentinel. Get started now by joining the Azure Sentinel Threat Hunters GitHub community.

Reference: https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-threat-intelligence-menu-item-in-public-preview/ba-p/1646597

Tags: incident responseIncident TriageThreat huntingThreat Intelligence
Azure Sentinel News Editor

Azure Sentinel News Editor

Related Posts

With new release, CrowdStrike targets Google Cloud, Azure and container adopters
Threat Intelligence

Tips for Parsing Syslog to Azure Sentinel

December 31, 2020
CRITICALSTART Adds Support for Microsoft Azure Sentinel to MDR Services
Threat Intelligence

Locate all the Preview Goodies in Your Azure Sentinel Console

December 30, 2020
Microsoft is quietly becoming a cybersecurity powerhouse
Threat Intelligence

How to Prohibit an Azure Sentinel Analyst from Editing a Playbook

December 29, 2020
Next Post
Microsoft introduces integrated Darktrace-a-like, Azure Sentinel

Stay ahead of threats with new innovations from Azure Sentinel

The ‘All-Seeing’ Azure Sentinel Provides Omnipresent Level Security

What's new: Analytics FileHash entity hits GA!

Microsoft brings endpoint & Azure security under Microsoft Defender

What’s new: Office 365 Advanced Threat Protection connector in Public Preview

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Follow Us

  • 21.8M Fans
  • 81 Followers

Recommended

Vectra AI and Microsoft partner on security integration

Visualizing Azure Sentinel Billable Data by Solution and Data Type

2 months ago
Microsoft announces security, identity, management, and compliance updates across Azure and Office

Azure Sentinel RBAC Review

2 months ago
Microsoft Buys CyberX To Enhance Azure IoT Security Solutions

Microsoft Buys CyberX To Enhance Azure IoT Security Solutions

4 months ago
Vectra AI and Microsoft partner on security integration

New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security

3 months ago

Instagram

    Please install/update and activate JNews Instagram plugin.

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

Topics

anomaly automation Azure Azure DevOps Azure Security Center Azure Sentinel Azure Sentinel API Azure Sentinel Connector BlueVoyant Call cybersecurity Detection file GitHub Hunting Huntingy IAC incident response Incident Triage infrastructure as code Investigation jupyter LAQueryLogs MDR Microsoft microsoft 365 mssp Multitenancy Notebooks Pester Playbooks PowerShell python Records Security Sentinel Sharing SIEM signin Supply Chain teams Threat hunting Watchlists Workbooks XDR
No Result
View All Result

Highlights

New Items of Note on the Azure Sentinel GitHub Repo

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

New Search Capability for Azure Sentinel Incidents

Follow-up: Microsoft Tech Talks Practical Sentinel : A Day in the Life of a Sentinel Analyst

Changes in How Running Hunting Queries Works in Azure Sentinel

Azure Sentinel can now Analyze All Available Azure Active Directory Log Files

Trending

What’s new: Microsoft Teams connector in Public Preview
IR

How to Generate Azure Sentinel Incidents for Testing

by Azure Sentinel News Editor
February 26, 2021
0

Do you want to generate an Incident in Azure Sentinel for testing/demoing? Here’s a couple easy ways...

What’s new: Microsoft Teams connector in Public Preview

Azure Sentinel Notebooks Loses It’s Preview Tag

February 25, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting

February 22, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

New Items of Note on the Azure Sentinel GitHub Repo

February 18, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

February 17, 2021

We bring you the best, latest and perfect Azure Sentinel News, Magazine, Personal Blogs, etc. Visit our landing page to see all features & demos.
LEARN MORE »

Recent News

  • How to Generate Azure Sentinel Incidents for Testing February 26, 2021
  • Azure Sentinel Notebooks Loses It’s Preview Tag February 25, 2021
  • The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting February 22, 2021

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

[mc4wp_form]

Copyright © 2020 - Azure Sentinel News

No Result
View All Result
  • Home
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence

Copyright © 2020 Azure Sentinel News