Azure Sentinel News

What’s New: Azure Sentinel Threat Hunting Enhancements

Azure Sentinel News Editor by Azure Sentinel News Editor
December 1, 2020
in SOC, Threat Intelligence

This blog post is a collaboration between @Cristhofer Munoz and @JulianGonzalez (Julian Gonzalez).

This installment is part of a broader series to keep you up to date with the latest features/enhancements in Azure Sentinel. The installments will be bite-sized to enable you to easily digest the new content.

To protect against the current threat landscape, security operations centers (SOCs) require a robust set of hunting capabilities. Threat hunting is an iterative, hypothesis-driven process: as SOC analysts investigate their findings, they may pivot to a new hypothesis, collect additional data to evaluate the current hypothesis further, or both.

To help SOC analysts proactively look for new anomalies that weren’t detected by their security solutions, Azure Sentinel’s built-in hunting capabilities guide you into asking the right questions to find issues in the data you already have on your network.

We are delighted to introduce a set of enhancements that greatly enrich the analyst experience with Azure Sentinel’s hunting capabilities by better tying them together, as well as by providing prescriptive guidance on best practices and how to make the most of these existing capabilities.

Threat Hunting Enhancements:

  • Guides & Feedback Panel
  • Prescriptive guidance on underlying data
  • Guided Tour
  • Columns Chooser
  • Persistent Settings

Guides & Feedback

To orient users and provide prescriptive guidance on how to get the most out of the threat hunting capabilities, we’ve added a “Guides & Feedback” panel to the Livestream and Notebooks experiences. The panel provides information on the technical functionality of the capability, notes on new releases and updates to the feature, and links to best practices, tutorials, and blog posts.

The “Guides & Feedback” panel also gives you the opportunity to share your ideas and experience with our core engineering team, and to vote on or add ideas on the Azure Sentinel UserVoice platform.

We plan to expand the “Guides & Feedback” panels to other features across Azure Sentinel to orient and provide recommended practices and useful links to documentation/tutorials.

[Animation: Guides & Feedback.gif]

Prescriptive guidance on underlying data

Data is the foundation for all your efforts in Azure Sentinel, so revisiting data collection conversations ensures that you have the data needed to satisfy your use cases. When you create a custom hunting query, we now provide prescriptive guidance on the underlying data that is necessary to detect the use case, together with links to enable the appropriate data connector.
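As an added example (not code from the original post or from Microsoft), the following shows what a custom hunting query and its declared data dependency look like when written in the hunting-query YAML layout used by the Azure Sentinel GitHub repository. The hypothesis is a defender’s one: a single source IP address failing to sign in across many distinct accounts, which depends on the SigninLogs table delivered by the Azure Active Directory data connector, so that is the connector the query declares. The query name, the placeholder id, and the numeric thresholds are assumptions chosen for illustration; tune them to your own environment.

```yaml
# Added example: a custom hunting query with its data dependency declared up front.
# The "id" is a placeholder; the repository format expects a unique GUID here.
id: 00000000-0000-0000-0000-000000000000
name: Many failed sign-ins from one source IP across distinct accounts (example)
description: |
  Hypothesis (constructed for this example): a single source IP address that
  fails authentication against many different accounts within the lookback
  window may indicate credential guessing against the tenant. Analysts should
  review the accounts and applications involved and pivot to successful
  sign-ins from the same address before drawing conclusions.
# The underlying data this hypothesis needs. If the connector is not enabled,
# the SigninLogs table will be empty and the query will return nothing.
requiredDataConnectors:
  - connectorId: AzureActiveDirectory
    dataTypes:
      - SigninLogs
tactics:
  - CredentialAccess
relevantTechniques:
  - T1110
query: |
  // Lookback window is an assumption; widen it when hunting over older activity.
  SigninLogs
  | where TimeGenerated > ago(7d)
  // ResultType "0" is a successful sign-in; anything else is treated as a failure.
  | where ResultType != "0"
  | summarize
      FailedAttempts = count(),
      DistinctAccounts = dcount(UserPrincipalName),
      FirstSeen = min(TimeGenerated),
      LastSeen = max(TimeGenerated),
      Apps = make_set(AppDisplayName, 10)
      by IPAddress
  // Thresholds are assumptions for this example, not recommended values.
  | where DistinctAccounts >= 20 and FailedAttempts >= 50
  | order by DistinctAccounts desc
# Mapping the IP column to an entity is what populates the "Entities" column
# in the hunting queries grid and lets analysts pivot on the address.
entityMappings:
  - entityType: IP
    fieldMappings:
      - identifier: Address
        columnName: IPAddress
```

The value of declaring requiredDataConnectors is that the data dependency is visible before the query is ever run: if the connector is missing, an empty result set means “no data” rather than “nothing found”, which is exactly the distinction the prescriptive guidance in the portal is meant to surface.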

[Animation: underlyingdata.gif]

Guided Tour

For first-time users, we’ve incorporated a guided tour window that introduces the new improvements added to the hunting capabilities. We will expand the information in the guided tours to provide guidelines on how to start your proactive threat hunting journey.

[Animation: GuidedTour.gif]

New Columns chooser

The Columns button allows users to personalize the grid by selecting the relevant columns and their order, giving SOC analysts flexibility and control over the grid view.

The hunting queries grid offers 3 new columns: Created By, Created Time and Entities.

The bookmarks grid offers 3 new columns: Updated By, Updated Time and Notes.

[Animation: columns.gif]

Persistent Settings

Any changes users make to the grid now persist across sessions, including column widths, sort order, and filters. Because SOC analysts’ grid preferences are saved across Azure Sentinel’s hunting capabilities, they no longer need to reconfigure the view each time, which saves their scarce time.

Reference: https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-azure-sentinel-threat-hunting-enhancements/ba-p/1433396

Tags: Azure, Enhancements, Hunting
Copyright © 2020 - Azure Sentinel News