Microsoft Windows Bulletin Board


Overview

Getting value from Microsoft Sentinel and the Microsoft Unified Security Operations Platform requires deploying the right solutions. Microsoft and our partners offer hundreds of solutions that integrate Microsoft Sentinel and the Unified Security Operations Platform with your security and IT systems and that provide content items such as analytics rules, playbooks and workbooks for advanced detection, automation and reporting. The Content Hub is the place to go to identify the solutions relevant to you.

Until now, Microsoft Sentinel users, in either the Azure or the Defender portal, could view only a solution's general details, and search was likewise limited to that general information. To explore the content items inside a solution, the user first had to install it and then look at the individual items it deployed.

With this new preview, users can expand each solution and see the list of items it contains without first installing the solution. When searching, the user can also list the specific solution items in the search results, which makes search more visible and more granular. The new search uses AI to support fuzzy matching and approximate vocabulary, so a query does not have to match the exact wording of a solution or item name.

Let’s try it out!

Browse to your Sentinel instance, in either the Azure portal or the Defender portal, and navigate to the Content hub (under Content management in the Azure portal, and under Microsoft Sentinel > Content management in the Defender portal).

Now try out some interesting searches. For example, type “Brute force attacks” in the search box (1). Don’t forget to press Enter to run the search.

The search results reveal that the Microsoft Entra ID, SAP applications and Salesforce Service Cloud solutions all provide detection rules for brute force attacks against their respective target systems. By browsing to the Brute Force rule in the Salesforce solution (2), you can read the rule's details (3) without installing the solution. If you find the rule useful, you can install the solution directly from the rule information pane (4). Note that previewing an item this way does not deploy anything: the rule becomes available in your workspace only after the solution is installed, and it is not active until you create an analytics rule from its template.


If you’re aiming to tackle a broader category of threats, the AI-powered search can help you quickly zero in on relevant solutions. For example, a simple search for “DNS” surfaces DNS-related detections across all solutions. As expected, the top results include the “Windows Server DNS” and “DNS Essentials” solutions, but solutions such as “Threat Intelligence” and vendor-specific ones such as Ubiquiti or Digital Guardian also provide detections for DNS threats that a keyword match on solution names alone would not have surfaced.

The AI-enhanced search goes beyond simple keywords. For instance, if you’re looking for solutions that support Google Apps (even if you're unsure of the product's new name), just type “Google Apps.” The search guides you to the right results and notes that Google Apps has been rebranded to Google Workspace, so a renamed product or an outdated query term does not prevent you from finding the solution.


Want to learn more? Refer to the documentation.
