🛡️Get Ahead of Threats with Microsoft Sentinel: Exciting Updates Unveiled in February!🛡️
💥Audit and monitor the health of your analytics rules (Preview).
Microsoft Sentinel’s health monitoring feature is now available for analytics rules, in addition to automation rules, playbooks, and data connectors. Also now available for the first time, and currently only for analytics rules, is Microsoft Sentinel’s audit feature. The audit feature records any changes made to Sentinel resources (currently, analytics rules) so that you can discover unauthorized actions or tampering with the service.
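One way to put the new audit data to work is to review who has been editing or deleting analytics rules. The following KQL is an added example, not from the announcement or from Microsoft; it assumes the SentinelAudit table with the columns shown, treats the CallerName and CallerIpAddress keys inside ExtendedProperties and the operation-name wording as assumptions to confirm in your own workspace, and uses a constructed allow-list address.

```kql
// Added example, not from the announcement: surface analytics-rule changes
// recorded by the audit feature so unexpected edits or deletions can be reviewed.
// Assumptions: the SentinelAudit table and the columns used below; the
// CallerName / CallerIpAddress keys inside ExtendedProperties; and the
// operation-name substrings, which should be checked against real audit rows.
let lookback = 7d;
// Constructed allow-list of identities expected to change detection content.
let approved_editors = dynamic(["detection-engineering@contoso.example"]);
SentinelAudit
| where TimeGenerated > ago(lookback)
// startswith is case-insensitive and tolerates "Analytic Rule" vs "Analytics Rule".
| where SentinelResourceType startswith "Analytic"
| extend Caller   = tostring(ExtendedProperties.CallerName),
         CallerIp = tostring(ExtendedProperties.CallerIpAddress)
// Deletions and updates are the operations that can silence a detection.
| where OperationName has_any ("Delete", "Update")
| where Caller !in (approved_editors)
| summarize Changes    = count(),
            Operations = make_set(OperationName),
            FirstSeen  = min(TimeGenerated),
            LastSeen   = max(TimeGenerated)
    by Caller, CallerIp, SentinelResourceName, Status
| order by Changes desc
```

Saving this as a scheduled analytics rule turns the audit table into a tamper alert on your detection content rather than a log to read after the fact.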
💥Microsoft 365 Defender data connector is now generally available.
Microsoft 365 Defender incidents, alerts, and raw event data can be ingested into Microsoft Sentinel using this connector. It also enables the bi-directional synchronization of incidents between Microsoft 365 Defender and Microsoft Sentinel. This integration allows you to manage all of your incidents in Microsoft Sentinel, while taking advantage of Microsoft 365 Defender’s specialized tools and capabilities to investigate those incidents that originated in Microsoft 365.
💥Advanced scheduling for analytics rules (Preview).
To give you more flexibility in scheduling your analytics rule execution times and to help you avoid potential conflicts, Microsoft Sentinel now lets you choose when a newly created analytics rule will run for the first time. The default behavior is unchanged: rules run immediately upon creation.
💥New behavior for alert grouping in analytics rules.
Starting February 6, 2023 and continuing through the end of February, Microsoft Sentinel is rolling out a change in the way that incidents are created from analytics rules with certain event and alert grouping settings, and in the way that such incidents are updated by automation rules. This change is being made to produce incidents with more complete information and to simplify automation triggered by the creation and updating of incidents.
The affected analytics rules are those with both of the following two settings:
✔️Event grouping is set to Trigger an alert for each event (sometimes referred to as “alert per row” or “alert per result”).
✔️Alert grouping is enabled, in any one of the three possible configurations.
Want to learn more? 💡