Azure Sentinel News
What’s New: HTML and Markdown support for incident comment

Azure Sentinel News Editor by Azure Sentinel News Editor
December 18, 2020
in Security and Compliance

This installment is part of a broader series to keep you up to date with the latest features in Azure Sentinel. The installments will be bite-sized to enable you to easily digest the new content.

The process of investigation is partly a science and partly an art. The analyst is ultimately building a storyline of what happened to determine whether the chain of events is the result of a malicious actor (often attempting to mask their actions/nature), a normal business/technical process, an innocent mistake, or something else.

As the analyst builds this understanding, they must capture a complete record with their conclusions and reasoning/evidence for future use (case reviews, analyst self-education, re-opening cases that are later linked to active attacks, etc.). Documentation is imperative to the lifecycle of an investigation and having the ability to support various ways to document and add context is necessary for SOC analysts.

With that in mind, we are delighted to announce that we have added the support for rendering HTML and Markdown in the Sentinel incident’s comment section! This gives you the ability to provide immediate value for documenting with additional context and the capability to view the context in a more meaningful way. Learn more about markdown using this reference and the cheatsheet.

For example, it’s very easy to make some words **bold** and other words *italic* with Markdown. You can even [link to evidence!](http://google.com?q=evidence). The result would look like this:

Additionally, we increased the allowed size of comments from 1000 chars to 3000 chars. This will ensure that you have enough room to include contextual information to the comment field in Azure Sentinel.

Note: At the moment, we do not have an HTML/Markdown visual editor in the comments section. However, you can input HTML/Markdown directly through the UI using the Markdown syntax, or send it using a Logic App or the API and the comment section will render it. We plan to add an HTML/Markdown editor to the comments section. Additionally, we also plan to support editing and deleting of comments.

How to:

Use case: Formatted enrichments using playbooks

Incident enrichment is a major use case in the process of incident triage, investigation, and response. This feature can also be used in tandem with playbooks (Logic Apps) to enrich incidents with external information.

The example below shows a comment added by an IP enrichment playbook that captures information from VirusTotal and adds it as a formatted text to the incident comment section:

Get started today!

We encourage you to utilize this new set of features to enhance the way that you are documenting the investigation process and adding contextual information to incidents. 

Try it out and let us know what you think!

Reference: https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-html-and-markdown-support-for-incident-comment/ba-p/1747507

Copyright © 2020 - Azure Sentinel News