Azure Sentinel News

What’s New: Entity Insights for Convenient Investigation Checks is Now in Public Preview

by Azure Sentinel News Editor
November 12, 2020
in Security and Compliance, Security Orchestration & Automated Response, Security Operations, SOC, Threat Intelligence

This installment is part of a broader series to keep you up to date with the latest features in Azure Sentinel. The installments will be bite-sized to enable you to easily digest the new content.

*Note: this post will be updated with more information at a later time.

When it comes to investigating incidents within a Security Operations Center (SOC), valuable time is measured in seconds. SOC analysts benefit tremendously when a variety of data is available in one convenient location while they investigate an incident, and Azure Sentinel strives to deliver that experience. To that end, Azure Sentinel now offers Entity Insights, available in Public Preview!

The new Entity Insights feature surfaces valuable context, such as trends and actions over a time period, directly within the incident investigation. For Insights to appear in the investigation, the following data sources are needed:

  • Syslog
  • Security Events
  • Audit Logs
  • Sign-in Logs
  • Office Activity

These data types provide a variety of Insights for the accounts and hosts. A few examples of the insights are:

  • Actions on Accounts
  • Group Additions
  • Events Cleared (by user, on host)
  • Process Execution
  • Process Rarity
  • Sign-In Activity
  • and more.

Entity Insights runs a set of queries for each Entity to pull in the relevant information. These Insights are the same as those shown in Entity Analytics (also in Public Preview). The main difference between the two is the time period used: Entity Insights evaluates a period around the time of the alert instead of the current time. In the future, all Insight queries will be published on the Azure Sentinel GitHub (coming soon).

How to Use:

Entity Analytics can be found within the Investigation Graph. Insights appear only when you choose an incident that includes a User or Host entity with logs in the data types listed above.

In the Investigation Graph, click an Entity in the graph. An ‘Insights’ option is available on the right side of the screen. When selected, the queries run against that Entity and any results are displayed.

Insights will contain relevant events for Hosts and Users to provide context about trends and actions performed.

*Note: If the Insights pane is blank, there is no information to show for that Entity. This can be confirmed by checking Entity Analytics if needed.

When to Use:

Entity Insights can be used with any incident that contains a Host or User entity. The feature is meant to provide valuable information inside the Investigation Graph you are already using. An example of the value Entity Insights provides is the gif provided above. The incident is for a password spray attempt. The Entity Insights tab shows the total number of failed sign-ins on one of the administrator accounts over a time period surrounding the alert. It would also have shown whether any attempts during the spray were successful.
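To reproduce the sign-in Insight described above by hand (for example, to confirm a blank Insights pane or to check a window of your own choosing), the following KQL is an added example and is not one of Microsoft's published Insight queries. The alert time, the 24-hour look-around window and the account UPN are placeholders to replace; the SigninLogs columns used (TimeGenerated, UserPrincipalName, ResultType, IPAddress) are standard.

```kql
// Added example: failed vs. successful sign-ins for one User entity in a window
// around the alert time, the same idea Entity Insights uses instead of "now".
let alertTime  = datetime(2020-11-12T10:00:00Z);   // placeholder: the alert's TimeGenerated
let lookaround = 24h;                                // placeholder: window on each side of the alert
let account    = "admin@contoso.example";            // placeholder: the User entity under investigation
SigninLogs
| where TimeGenerated between ((alertTime - lookaround) .. (alertTime + lookaround))
| where UserPrincipalName =~ account
// ResultType "0" is a successful sign-in; any other value is an Azure AD error code
| summarize
    FailedSignIns      = countif(ResultType != "0"),
    SuccessfulSignIns  = countif(ResultType == "0"),
    FailureCodes       = make_set_if(ResultType, ResultType != "0"),
    FailingSourceIPs   = make_set_if(IPAddress, ResultType != "0"),
    SucceedingSourceIPs = make_set_if(IPAddress, ResultType == "0"),
    FirstSeen          = min(TimeGenerated),
    LastSeen           = max(TimeGenerated)
  by UserPrincipalName
// An IP that appears in both FailingSourceIPs and SucceedingSourceIPs is the
// case the post describes: a spray attempt that eventually succeeded.
```

Set lookaround to a larger value (for example 7d) to compare against the trailing window Entity Analytics shows, and the difference between the two counts is exactly what the alert-centred Insight adds.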

Get started today!

We encourage you to utilize this new feature to enhance your experience when performing investigations on newly raised incidents.

Try it out and let us know what you think!

Reference: https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-entity-insights-for-convenient-investigation-checks/ba-p/1801496
