Azure Sentinel—the cloud-native SIEM that empowers defenders is now generally available
Some of the new features are:
- Workbooks are replacing dashboards, providing for richer analytics and visualizations
- New Microsoft and 3rd party connectors
Detection and hunting:
- Out of the box detection rules: The GitHub detection rules are now built into Sentinel.
- Easy elevation of MTP alerts to Sentinel incidents.
- Built-in detection rules utilizing the threat intelligence connector.
- New ML models to discover malicious SSH access, fuse identity, and access data to detect 35 unique threats that span multiple stages of the kill chain. Fusion is now on by default and managed through the UI
- Template playbooks now available on Github.
- New threat hunting queries and libraries for Jupyter Notebooks
- The interactive investigation graph is now publicly available.
- Incidents support for tagging, comments, and assignments, both manually and automatically using playbooks.
MSSP and enterprise support:
- Azure Lighthouse for multi-tenant management
- RBAC support
For further information:
Product page: https://azure.microsoft.com/en-us/services/azure-sentinel/