Azure Sentinel—the cloud-native SIEM that empowers defenders is now generally available
Some of the new features are:
Workbooks are replacing dashboards, providing for richer analytics and visualizations
New Microsoft and 3rd party connectors
Detection and hunting:
Out of the box detection rules: The GitHub detection rules are now built into Sentinel.
Easy elevation of MTP alerts to Sentinel incidents.
Built-in detection rules utilizing the threat intelligence connector.
New ML models to discover malicious SSH access, fuse identity, and access data to detect 35 unique threats that span multiple stages of the kill chain. Fusion is now on by default and managed through the UI
Template playbooks now available on Github.
New threat hunting queries and libraries for Jupyter Notebooks
Incidents:
The interactive investigation graph is now publicly available.
Incidents support for tagging, comments, and assignments, both manually and automatically using playbooks.
By default there are no events created if someone creates or modifieds a scheduled task. To enable logging you have to enable logging of object access.
To view current settings, use the following command:
auditpol.exe /get /category:*
Only Success is required for this. This enables us to get the event 4698
To enable logging, create a new GPO and assign the following settings (depending if you want success/failure or only success)
You also have to configure your agents to send log to your workspace, you can download the agent from the Azure Sentinel workspace / <workspace name> / Advanced Settings
Otherwise, you can add the Sentinel workspace to your existing agents
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.