Azure Sentinel News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
Azure Sentinel News
No Result
View All Result
Home SOC

What’s New: Improved Incident Closing Experience is now Available!

Azure Sentinel News Editor by Azure Sentinel News Editor
December 11, 2020
in SOC
0
Microsoft renames and unifies more products under Microsoft Defender brand
3.0kViews
854 Shares Share on Facebook Share on Twitter

This installment is part of a broader series to keep you up to date with the latest features in Azure Sentinel. The installments will be bite-sized to allow you to easily digest the new content.

While the primary function of a SOC is providing situational awareness through the detection, containment, and management of security threats; this is coupled with the responsibility to track metrics to measure performance and to make changes to increase SOC efficiency.

From our Microsoft CDOC, we have learned that the metrics you choose to measure has a significant effect on the behaviors and outcomes of security operations. Focusing on the right measurements will help drive continuous improvement in the right areas that meaningfully reduce risk.

Today, we are happy to release the improved incident closing experience!

This feature is meant to help customers track more detailed information on why incidents are closed. Being able to measure these metrics can allow you to enforce alert quality across your SOC, tune out false positives, and adjust processes to improve prioritization and focus.

Today, incident’s status can be either New, In Progress or Close. When changing a status to ‘Close’ you have an option of specifying whether the incident was a False Positive or a True Positive.

In order to collect more information on the incident closing, we made this a mandatory field and provided a set of closing reasons that are based on researchers and customer references:

  • True Positive, suspicious activity
  • Benign Positive, suspicious but expected
  • False Positive, incorrect alert logic
  • False Positive, inaccurate data
  • Undetermined
incidentclosing.gif

We hope this feature will help customers better tune their rules and measure their SOC’s performance and will help us get more detailed information on our own detection’s.

Reference:https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-improved-incident-closing-experience-is-now-available/ba-p/1278807

Tags: Azure SentinelDetectionHuntingInvestigationSecurity
Azure Sentinel News Editor

Azure Sentinel News Editor

Related Posts

Microsoft’s newest sustainable datacenter region coming to Arizona in 2021
SOC

How to Evolve the SOC with Azure Sentinel: Hunting Queries

January 5, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021
SOC

How to Grant Access to Specific Azure Sentinel Playbooks for Specific Analysts

December 31, 2020
Enriching Windows Security Events with Parameterized Function
SOC

New Private Preview Tag in Azure Sentinel

December 30, 2020
Next Post
ITC Secure Achieves Microsoft Gold Partner Status

Enabling security research & hunting with open source IoT attack data

Microsoft’s John Thompson and VMware’s Sanjay Poonen share a similar view of the security landscape

Quick wins - Proactively identify signs of intrusions in real time with Azure Sentinel Livestream

With new release, CrowdStrike targets Google Cloud, Azure and container adopters

Azure Sentinel To-Go (Part1): A Lab w/ Prerecorded Data 😈 & a Custom Logs Pipe via ARM Templates 🚀

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Follow Us

  • 21.8M Fans
  • 81 Followers

Recommended

odix joins the Microsoft Intelligent Security Association (MISA) program extending FileWall security logs to Microsoft Azure Sentinel

odix joins the Microsoft Intelligent Security Association (MISA) program extending FileWall security logs to Microsoft Azure Sentinel

4 months ago
Watching the Watchers: Monitoring Azure Sentinel Query Activity for Malicious Activity.

Why Enabling Entities for Azure Sentinel Investigations is so Important

2 months ago
With new release, CrowdStrike targets Google Cloud, Azure and container adopters

Spice Up Your Azure Sentinel KQL Query Results with Emoji

2 months ago
ForgeRock integrates with Microsoft, Auth0 launches marketplace to secure enterprise digital identity

What’s New: Azure Sentinel Logic Apps Connector improvements and new capabilities

3 months ago

Instagram

    Please install/update and activate JNews Instagram plugin.

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

Topics

anomaly automation Azure Azure DevOps Azure Security Center Azure Sentinel Azure Sentinel API Azure Sentinel Connector BlueVoyant Call cybersecurity Detection file GitHub Hunting Huntingy IAC incident response Incident Triage infrastructure as code Investigation jupyter LAQueryLogs MDR Microsoft microsoft 365 mssp Multitenancy Notebooks Pester Playbooks PowerShell python Records Security Sentinel Sharing SIEM signin Supply Chain teams Threat hunting Watchlists Workbooks XDR
No Result
View All Result

Highlights

New Items of Note on the Azure Sentinel GitHub Repo

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

New Search Capability for Azure Sentinel Incidents

Follow-up: Microsoft Tech Talks Practical Sentinel : A Day in the Life of a Sentinel Analyst

Changes in How Running Hunting Queries Works in Azure Sentinel

Azure Sentinel can now Analyze All Available Azure Active Directory Log Files

Trending

What’s new: Microsoft Teams connector in Public Preview
IR

How to Generate Azure Sentinel Incidents for Testing

by Azure Sentinel News Editor
February 26, 2021
0

Do you want to generate an Incident in Azure Sentinel for testing/demoing? Here’s a couple easy ways...

What’s new: Microsoft Teams connector in Public Preview

Azure Sentinel Notebooks Loses It’s Preview Tag

February 25, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting

February 22, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

New Items of Note on the Azure Sentinel GitHub Repo

February 18, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

February 17, 2021

We bring you the best, latest and perfect Azure Sentinel News, Magazine, Personal Blogs, etc. Visit our landing page to see all features & demos.
LEARN MORE »

Recent News

  • How to Generate Azure Sentinel Incidents for Testing February 26, 2021
  • Azure Sentinel Notebooks Loses It’s Preview Tag February 25, 2021
  • The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting February 22, 2021

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

[mc4wp_form]

Copyright © 2020 - Azure Sentinel News

No Result
View All Result
  • Home
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence

Copyright © 2020 Azure Sentinel News