
Jun 4, 2020

Azure Sentinel Threat Hunting Enhancements

What's New

Threat Hunting Enhancements:

Guides & Feedback

To orient users and provide prescriptive guidance on how to get the most out of the threat hunting capabilities, we've added a "Guides & Feedback" panel to the Livestream and Notebooks experiences. The panel describes the technical functionality of the feature, lists new releases and updates, and links to best practices, tutorials, and blog posts.

The "Guides & Feedback" panel also lets you share your ideas and experience directly with our core engineering team, and vote for or add ideas on the Azure Sentinel user voice platform.

We plan to expand the "Guides & Feedback" panels to other features across Azure Sentinel to orient and provide recommended practices and useful links to documentation/tutorials.


Prescriptive guidance on underlying data

Data is the foundation for all of your efforts in Azure Sentinel, so revisiting your data collection decisions ensures that you actually have the data your use cases need. When you create a custom hunting query, we now provide prescriptive guidance on the underlying data the query depends on, together with links to enable the appropriate data connector. A hunting query that targets a table no connector is populating will simply return nothing, so the required data source is the first thing to check when a query comes back empty.
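As an added illustration (this is example code, not part of the original post or of Microsoft's built-in hunting content), the KQL query below shows what "underlying data" means in practice: it hunts for PowerShell launched with an encoded command line, and every row it can ever return comes from the SecurityEvent table, which is populated only when the Security Events data connector is enabled and the Windows hosts audit process creation (event 4688) with command-line logging turned on. The detection logic, the lookback window and the regex are assumptions of this example; the `AccountCustomEntity`/`HostCustomEntity` aliases follow the naming that Sentinel's GitHub hunting queries used at the time to mark entities, which is also an assumption about that convention rather than something the post states.

```kql
// Added example, not from the original post.
// Underlying data: SecurityEvent table (Security Events data connector).
// Prerequisite on the endpoint: "Audit Process Creation" enabled and
// "Include command line in process creation events" set, otherwise
// EventID 4688 rows arrive without a CommandLine and this query is blind.
let lookback = 7d;                       // assumed hunting window
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID == 4688                  // process creation
| where NewProcessName has_any ("powershell.exe", "pwsh.exe")
// PowerShell accepts any unambiguous prefix of -EncodedCommand
// (-e, -ec, -en, -enc, ...); require a long base64 blob after it so that
// -ExecutionPolicy and short flags do not match.
| where CommandLine matches regex @"(?i)\s-e(c|n[a-z]*)?\s+[A-Za-z0-9+/=]{40,}"
| project TimeGenerated, Computer, Account, ParentProcessName,
          NewProcessName, CommandLine
// Entity columns so the hunt's results carry the account and host
// (naming convention assumed from the Sentinel hunting query repository).
| extend AccountCustomEntity = Account, HostCustomEntity = Computer
| order by TimeGenerated desc
```

If this query returns no rows during a test on a host where you deliberately ran `powershell.exe -enc <base64>`, suspect the data path before the logic: confirm the connector is sending SecurityEvent data and that the 4688 events in the table actually contain a populated CommandLine.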


Guided Tour

For first-time users we've added a guided tour window that walks through the improvements made to the hunting capabilities. We will expand the guided tours to include guidelines on how to start your proactive threat hunting journey.


New Columns chooser

The Columns button lets users personalize the grid by choosing which columns are shown and in what order, giving SOC analysts fine-grained control over the grid view.

The hunting queries grid offers 3 new columns: Created By, Created Time and Entities.

The bookmarks grid offers 3 new columns: Updated By, Updated Time and Notes.

Persistent Settings

Any changes users make to the grid are now persistent across sessions, including column widths, sort order and filters. SOC analysts working across Azure Sentinel's hunting capabilities no longer have to re-apply their grid preferences each time, which saves some of their scarce time.


This blog post is a collaboration between @Cristhofer Munoz and @Juliango (Julian Gonzalez).

Read more

https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-azure-sentinel-threat-hunting-enhancements/ba-p/1433396?_lrsc=197e258e-8c88-44a9-b5fa-50d47bac5c66