Microsoft Sentinel content is Security Information and Event Management (SIEM) solution components that enable customers to ingest data, monitor, alert, hunt, investigate, respond, and connect with different products, platforms, and services. Content in Microsoft Sentinel includes any of the following types:

Data connectors provide log ingestion from different sources into Microsoft Sentinel.
Parsers provide log formatting/transformation into ASIM formats, supporting usage across various Microsoft Sentinel content types and scenarios.
Workbooks provide monitoring, visualization, and interactivity with data in Microsoft Sentinel, highlighting meaningful insights for users.
Analytics rules provide alerts that point to relevant SOC actions via incidents.
Hunting queries are used by SOC teams to proactively hunt for threats in Microsoft Sentinel.
Notebooks help SOC teams use advanced hunting features in Jupyter and Azure Notebooks.
Watchlists support the ingestion of specific data for enhanced threat detection and reduced alert fatigue.
Playbooks and Azure Logic Apps custom connectors provide features for automated investigation, remediation, and response scenarios in Microsoft Sentinel.

Microsoft Sentinel offers these content types as solutions and standalone items. Solutions are packages of Microsoft Sentinel content or Microsoft Sentinel API integrations, which fulfill an end-to-end product, domain, or industry vertical scenario in Microsoft Sentinel. Both solutions and standalone items are discoverable and managed from the Content hub. You can either customize out-of-the-box (OOTB) content for your own needs, or you can create your own solution with content to share with others in the community. For more information on authoring and publishing solutions, see the Microsoft Sentinel Solutions Build Guide.

Discover and manage Microsoft Sentinel content

Use the Microsoft Sentinel Content hub to centrally discover and install out-of-the-box (OOTB) content. The Content hub provides in-product discoverability, single-step deployment, and enablement of end-to-end product, domain, and/or vertical OOTB solutions and content in Microsoft Sentinel. In the Content hub, filter by categories and other parameters, or use the text search, to find the content that works best for your organization's needs. The Content hub also indicates the support model applied to each piece of content, as some content is maintained by Microsoft and other content is maintained by partners or the community.