We all know how important security-related aspects are these days. Therefore, frequent changes are needed in cloud security to protect our data and infrastructure.
First, let us understand what Azure Sentinel is and how it works.
What is Microsoft Azure Sentinel?
Microsoft Sentinel is a scalable, cloud-native security analytics tool. It delivers security analytics data about your infrastructure and surfaces threat-related issues across the enterprise, providing a single solution for attack detection, threat visibility, and threat response.
Some of the most common uses of Azure Sentinel are as follows –
1) It collects data from your infrastructure and native applications and presents it in a proper UI
2) It detects threats and acts accordingly
3) It investigates threats with Azure AI
4) It responds to threats actively with automated actions
What are the updates in Azure Sentinel?
1) New automation rules –
Automation rules can now run playbooks on the alert trigger. Previously, a playbook could be run only by attaching it to analytics rules on an individual basis. With the alert trigger, a single automation rule can be attached to many analytics rules, which lets you manage playbooks and analytics rules in a centralized way.
2) Integrated data loss prevention in Microsoft Sentinel –
You can view all DLP alerts under Incidents in the Microsoft 365 Defender incident queue. The alerts are retained for 180 days. You can also hunt across compliance logs alongside the security logs under Advanced hunting.
3) Custom log ingestion –
This allows you to send custom-format logs from any data source to your Log Analytics workspace and store them either in certain standard tables or in custom-formatted tables that you create.
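As an added example (not code from the original post), the following Python script normalises logs in a hypothetical pipe-delimited firewall format into records for a custom table and shows the upload call with the azure-monitor-ingestion SDK; the log format, column names, sample lines, and the endpoint and data collection rule id passed to upload are all assumptions, while the _CL table suffix and the Custom-<Table>_CL stream name follow the Logs Ingestion API convention.

```python
"""Normalise a custom-format log into records for a Sentinel custom table (_CL).
Column names and the log format below are assumptions made for this example."""
from __future__ import annotations
from datetime import datetime, timezone

# Constructed sample lines in a hypothetical pipe-delimited firewall format:
# timestamp|host|action|src_ip|dst_ip|dst_port
SAMPLE_LINES = [
    "2024-05-01T10:15:22Z|fw01|DENY|10.0.0.5|203.0.113.9|443",
    "2024-05-01T10:15:23+02:00|fw01|allow|10.0.0.7|198.51.100.4|53",
    "this line is malformed",
]
# DCR stream name convention for a custom table: Custom-<TableName>_CL
STREAM_NAME = "Custom-FirewallLogs_CL"


def parse_line(line: str) -> dict | None:
    """Return one record, or None if the line does not match the format."""
    parts = line.strip().split("|")
    if len(parts) != 6:
        return None
    ts, host, action, src, dst, port = parts
    try:
        event_time = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        dst_port = int(port)
    except ValueError:
        return None
    # Keep the event time (normalised to UTC), not the ingestion time, so
    # time-range searches and archive restores line up with the event.
    event_time = event_time.astimezone(timezone.utc)
    return {
        "TimeGenerated": event_time.isoformat().replace("+00:00", "Z"),
        "Host": host,
        "Action": action.upper(),
        "SrcIp": src,
        "DstIp": dst,
        "DstPort": dst_port,
    }


def build_batch(lines: list[str]) -> tuple[list[dict], int]:
    """Parse all lines; return (records, count of rejected lines)."""
    records = [r for r in map(parse_line, lines) if r is not None]
    return records, len(lines) - len(records)


def upload(records: list[dict], endpoint: str, rule_id: str) -> None:
    """Send the batch via the azure-monitor-ingestion SDK (assumed installed)."""
    from azure.identity import DefaultAzureCredential
    from azure.monitor.ingestion import LogsIngestionClient
    client = LogsIngestionClient(endpoint, DefaultAzureCredential())
    client.upload(rule_id=rule_id, stream_name=STREAM_NAME, logs=records)
```

Rejected lines are counted rather than silently dropped, so a parser that starts rejecting everything after a log format change is visible instead of producing an empty table.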
4) View MITRE coverage –
Microsoft Sentinel now provides a new MITRE page, which highlights the MITRE tactic and technique coverage you currently have, and can configure, for your organization.
Select items from the Active menus at the top of the page to view the detections currently active in your workspace and the simulated detections available for you to configure.
5) Restore archived logs from search –
When you need to do a full investigation on data stored in archived logs, restore a table from the Search page in Microsoft Sentinel. Specify a target table and a time range for the data you want to restore. Within a few minutes, the log data is restored and available in the Log Analytics workspace.
These were the latest updates on Azure Sentinel. If you want to know more about Azure DevOps and its offerings, click here.