{"id":16774,"date":"2019-11-05T07:01:01","date_gmt":"2019-11-05T15:01:01","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/11\/05\/news-10513\/"},"modified":"2019-11-05T07:01:01","modified_gmt":"2019-11-05T15:01:01","slug":"news-10513","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/11\/05\/news-10513\/","title":{"rendered":"Azure Sentinel updates: Improve your security operations with innovations from a cloud-native SIEM"},"content":{"rendered":"

Credit to Author: Todd VanderArk| Date: Tue, 05 Nov 2019 14:00:41 +0000<\/strong><\/p>\n

Just a month ago, I communicated the details about Azure Sentinel reaching general availability<\/a>. Since then, many customers have shared how Azure Sentinel has empowered their teams to be nimble and more efficient. ASOS, one of the largest online fashion retailers, is an excellent example of this. Using Azure Sentinel, ASOS has created a bird\u2019s-eye view of everything it needs to spot threats early, allowing it to safeguard its business and its customers proactively. As a result, it has cut issue resolution times in half.<\/p>\n

\n

\u201cSentinel has helped improve the efficiency of our security operations by allowing us to quickly consolidate a large number of disparate security and contextual data sources.\u201d
\u2014George Mudie, Chief Information Security Officer, ASOS<\/p>\n<\/blockquote>\n

Learn more about how ASOS has benefitted from Azure Sentinel<\/a>.<\/p>\n

I am thrilled to come back and share new features available in preview starting this week. These new features highlight continued innovation and progress towards our goal of empowering defenders to do more.<\/p>\n

\n
\t\t\t\t \t\t\t<\/div>\n
\n

Azure Sentinel<\/h3>\n

Intelligent security analytics for your entire enterprise.<\/p>\n

\t\t\t\t \t\t\t\t\tLearn more\t\t\t\t<\/a> \t\t\t<\/div>\n

\t\t<\/div>\n

\t\t <\/p>\n

Collect data from more sources with built-in connectors<\/h3>\n

Azure Sentinel enables you to collect security data across different sources, including Azure, on-premises solutions, and across clouds. Many built-in connectors are available to simplify integration, and new ones are being added continually. Connectors recently introduced by Zscaler, F5, Barracuda, Citrix, ExtraHop, One Identity, and Trend Micro make it easy to collect relevant data and use built-in workbooks and queries to gain insight into data from these solutions. Read more information on the Connect data sources<\/a> page.<\/p>\n

\"Screenshot<\/a><\/p>\n

Accelerate threat hunting with new capabilities<\/h3>\n

The work of threat hunters gets much easier with the addition of built-in hunting queries for Linux and network events. These queries, developed by Microsoft security researchers and community experts, provide a starting point to look for suspicious activity. You can customize hunting queries with the help of IntelliSense and bookmark interesting results for further investigation or sharing with fellow analysts. View the bookmarks alongside alerts in the Investigation graph and make them part of an incident.<\/p>\n

You can now receive an Azure notification when there are new results on a query using the hunting livestream. Promote the livestream query to an Analytic rule if you want to make it part of your incident response workflow.<\/p>\n

\"Image<\/a><\/p>\n

In addition, you can now launch Azure Notebooks directly from Azure Sentinel, making it easy to create and execute Jupyter notebooks to analyze your data. Notebooks combine live code, graphics, visualizations, and text, making them a valuable tool for threat hunters. Choose from a built-in gallery of notebooks developed by Microsoft security researchers or import others from GitHub to get started. These notebooks are the same professional-strength hunting solutions Microsoft\u2019s threat hunters use every day.<\/p>\n

\"Image<\/a><\/p>\n

Connect threat intelligence sources using STIX\/TAXII<\/h3>\n

The existing Threat Intelligence Platforms data connector allows you to integrate threat indicators from a variety of sources for use with Azure Sentinel analytics, hunting, and workbooks. A new Threat Intelligence TAXII connector will add support for threat indicator feeds from open source threat intelligence (OSINT) and threat intelligence platforms supporting this standard protocol and STIX data format. Once your threat intelligence sources are connected, you can:<\/p>\n