Deployment (Part 2)

To read part 1, please click here
To read part 3, please click here




Microsoft Sentinel Content Hub

Content in Microsoft Sentinel includes any of the following types:
  • Data connectors offer log ingestion from different sources into Microsoft Sentinel.

  • Parsers normalize logs into ASIM (Advanced Security Information Model) schemas, so that the same Microsoft Sentinel content can be reused across different sources and scenarios.

  • Workbooks provide monitoring, visualization, and interaction with data in Microsoft Sentinel, highlighting meaningful insights for users.

  • Analytics rules generate alerts, grouped into incidents, that point the SOC to the relevant actions.

  • Hunting Queries are used by SOC teams to proactively hunt for threats in Microsoft Sentinel.

  • Notebooks help SOC teams in using advanced hunting features in Jupyter and Azure Notebooks.

  • Watchlists support the ingestion of specific data for enhanced threat detection and reduced alert fatigue. 

  • Playbooks and Azure Logic Apps Custom Connectors provide features for automated investigation, remediation, and response scenarios in Microsoft Sentinel. 

Microsoft Sentinel offers these content types both as solutions and as standalone items. You can either customize out-of-the-box (OOTB) content to your own requirements, or create your own solution and share its content with others in the community.

Discover and Manage Microsoft Sentinel Content

The Microsoft Sentinel Content hub offers in-product discoverability, single-step deployment, and enablement of end-to-end product, domain, and/or vertical OOTB solutions and content in Microsoft Sentinel.
  • In the Content hub, filter by category and other parameters, or use the text search, to find the content that best fits the organization's needs. The Content hub also indicates the support model that applies to each piece of content, since some content is maintained by partners or the community.

  • Out-of-the-box content can be customized to your requirements, or you can create custom content, including analytics rules, hunting queries, notebooks, workbooks, and more. Custom content can be managed directly in the Microsoft Sentinel workspace, via the Microsoft Sentinel API, or in your own source control repository via the Microsoft Sentinel Repositories page.
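As an added example (not code from the original post), the following Python script shows what managing custom content "via the Microsoft Sentinel API" looks like in practice: it builds the JSON body of a Scheduled analytics rule, validates the two fields that most often produce a rejected request, builds the ARM resource URL, and deploys it with a PUT. The api-version, the property names under Microsoft.SecurityInsights/alertRules, the subscription/resource group/workspace values and the KQL query are all assumptions or constructed placeholders; the bearer token is read from an environment variable so the script runs offline until you supply one.

```python
"""Deploy a Scheduled analytics rule to Microsoft Sentinel through its REST API.

Added example; assumptions are labelled in comments. The rule body follows the
Microsoft.SecurityInsights/alertRules schema as the author knows it, and the
api-version below is assumed to be a current stable one.
"""
import json
import os
import re
import urllib.request
from urllib.error import HTTPError

API_VERSION = "2023-02-01"  # assumed api-version for alertRules

# Constructed KQL for the example rule: many failed sign-ins per user and IP
# in the lookback window. Tune the threshold to your own tenant's baseline.
FAILED_SIGNIN_QUERY = """
SigninLogs
| where ResultType != 0
| summarize Failures = count(), Apps = make_set(AppDisplayName)
    by UserPrincipalName, IPAddress
| where Failures > 20
"""


def _iso_hours(duration):
    """Convert the simple ISO 8601 durations Sentinel uses (P1D, PT1H, PT30M) to hours."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?)?", duration)
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {duration}")
    days, hours, minutes = (int(g) if g else 0 for g in m.groups())
    return days * 24 + hours + minutes / 60


def build_scheduled_rule(display_name, query, severity="Medium",
                         frequency="PT1H", period="PT1H",
                         threshold=0, tactics=None):
    """Return the request body for a Scheduled analytics rule.

    Two checks catch the most common 400 responses before anything is sent:
    severity must be one of the four Sentinel levels, and the lookback period
    must be at least as long as the run frequency, otherwise events that land
    between two runs are never evaluated.
    """
    allowed = {"High", "Medium", "Low", "Informational"}
    if severity not in allowed:
        raise ValueError(f"severity must be one of {sorted(allowed)}")
    if _iso_hours(period) < _iso_hours(frequency):
        raise ValueError("queryPeriod must be >= queryFrequency")
    return {
        "kind": "Scheduled",
        "properties": {
            "displayName": display_name,
            "description": "Deployed from source control via the REST API (example)",
            "enabled": True,
            "severity": severity,
            "query": query.strip(),
            "queryFrequency": frequency,
            "queryPeriod": period,
            "triggerOperator": "GreaterThan",
            "triggerThreshold": threshold,
            "suppressionEnabled": False,
            "suppressionDuration": "PT5H",
            "tactics": tactics or [],
        },
    }


def rule_url(subscription_id, resource_group, workspace, rule_id):
    """Build the ARM resource URL for one analytics rule in a workspace."""
    return (
        "https://management.azure.com/subscriptions/{sub}/resourceGroups/{rg}"
        "/providers/Microsoft.OperationalInsights/workspaces/{ws}"
        "/providers/Microsoft.SecurityInsights/alertRules/{rule}"
        "?api-version={api}"
    ).format(sub=subscription_id, rg=resource_group, ws=workspace,
             rule=rule_id, api=API_VERSION)


def deploy_rule(url, body, token):
    """PUT the rule (create or update). Returns (HTTP status, parsed JSON response)."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PUT",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.load(resp)
    except HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


if __name__ == "__main__":
    body = build_scheduled_rule("Excessive failed sign-ins (example)",
                                FAILED_SIGNIN_QUERY, tactics=["CredentialAccess"])
    # Placeholder identifiers: replace with your own subscription, RG and workspace.
    url = rule_url("00000000-0000-0000-0000-000000000000", "rg-sentinel-placeholder",
                   "sentinel-ws-placeholder", "11111111-2222-3333-4444-555555555555")
    print(json.dumps(body, indent=2))
    token = os.environ.get("AZURE_ACCESS_TOKEN")  # e.g. from `az account get-access-token`
    if token:
        status, resp = deploy_rule(url, body, token)
        print(status, resp.get("name") or resp.get("error"))
```

The same JSON body, wrapped in an ARM template resource of type Microsoft.SecurityInsights/alertRules, is what you would commit to the repository connected through the Repositories page; the validation in build_scheduled_rule is worth running in CI either way, because a rule whose lookback is shorter than its frequency deploys cleanly and then silently misses events.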

Why Content Hub Solutions?

Microsoft Sentinel solutions are packaged integrations that deliver end-to-end product value for one or more domain or vertical scenarios in the content hub. 
  • Packaged content is a collection of one or more components of Microsoft Sentinel content, such as data connectors, workbooks, analytics rules, playbooks, hunting queries, watchlists, parsers, and more.

  • Integrations include services or tools built using the Microsoft Sentinel or Azure Log Analytics APIs that connect Azure with existing customer applications, or that migrate data, queries, and more from those applications into Microsoft Sentinel.

The Content hub can be used to centrally discover and deploy solutions and OOTB content in a scenario-driven manner.

Conclusion

This part discussed the Microsoft Sentinel Content hub, its components, and why it matters.
