

Azure Sentinel became generally available almost exactly a year ago, in the weeks leading up to Microsoft Ignite 2019. The world has changed pretty dramatically since then, but our dedicated team of security researchers and engineers has kept focus on its goal of empowering defenders to combat rapidly evolving threats with increased efficiency. With COVID-19 driving cloud adoption and remote work, security operations teams are tasked with securing an increasingly distributed estate, and with budgets tightening due to macroeconomic concerns, managing costs has become even more imperative. So, while this Microsoft Ignite 2020 will be a bit different, and I will miss connecting with many of you in person, I think you will find that our mission has remained steadfast and that the lineup of new features launching this year will be as impactful as ever.

Azure Sentinel is launching User and Entity Behavioral Analytics (UEBA), powered by Microsoft's proven UEBA platform, to help detect unknown and insider threats. It works by building a comprehensive profile across time and peer-group horizons to identify anomalous activities and add behavioral insights for threat hunting and detection. Unlike other UEBA solutions, onboarding data sources for behavioral analysis takes just minutes. A UEBA workbook provides an interactive dashboard for investigating suspect users, and built-in queries and analytic rules leverage behavioral insights and anomalies for threat hunting and detection.

New entity profiles provide a unified view of a user or host, including insights from UEBA, with additional entity types coming soon. Analysts can open an entity profile either by performing a simple text search (by entity name or another identifier) or by clicking on an entity while hunting or investigating an incident. The profile includes contextual information, a timeline of activities and alerts across the most relevant data sources, and insights to inform decision making.

The ability to monitor and respond to changing threats is critical to the success of any security operations team. Tracking and applying intelligence from multiple sources is much easier with the introduction of a new threat intelligence experience in Azure Sentinel. From the new blade, security analysts can view, filter, tag and search indicators imported from threat intelligence providers, as well as add new indicators discovered while hunting and investigating threats in Azure Sentinel. As before, indicators can be automatically matched against your security data to find threats targeting your organization and to provide insights into the prevalence and source of attacks, which can be used to prioritize your response. In addition to support for data collection via TAXII, new integration and automation options enable customers to import threat intelligence from additional sources and automate enrichment of security incidents. Recorded Future has developed a connector for Azure Logic Apps and playbooks to automate importing indicators and enriching incidents in Azure Sentinel with data from its security intelligence platform. Similarly, an Azure Logic Apps connector and playbooks from RiskIQ enable customers to automatically enrich incidents in Azure Sentinel with data from the RiskIQ Internet Intelligence Graph.
