Announcing the New Microsoft Sentinel Incident Investigation Experience!
- Published Jul 21, 2024
- Tuesday, January 17, 2023, 12:00 PM ET / 9:00 AM PT (webinar recording date)
Microsoft Sentinel Webinar | Announcing the New Microsoft Sentinel Incident Investigation Experience!
Presenters: Michal Shechter & Tiander Turpijn
Description:
In this exciting, demo-rich session, we will take you through the new incident triage and investigation experience, showcasing new features which substantially reduce the time needed to triage and investigate incidents.
Timestamps:
00:00 - Introduction
01:45 - Research Process
03:34 - Main Pain Points
04:27 - Reduce the Time it Takes to Triage, Investigate, and Resolve
09:51 - Demo
47:37 - Outro
To ensure you hear about future Microsoft Sentinel webinars and other developments, make sure you join our community by going to aka.ms/SecurityCommunity
#microsoftsentinel #incidentinvestigation #microsoftsecuritycommunity #threatintelligence - Science & Technology
Really good work. Thank you.
In that top insights pane, I would love to be able to see the last x sign-ins. I'm really after what locations the user logged in from, did they come from managed devices, pass conditional access, etc.
I built an Incidents Analytics Workbook, where you type in the incident number and it resolves the related entities. When you select an Account it shows you their last logins (SigninLogs) with location etc. as well as the last AuditLogs for that account. You can click a direct link to the AAD user page as well. If you select an IP address, it shows all SigninLogs with that IP (create for those Password Spray Attacks). You can customize all your needs with a Workbook. I'm happy the new experience comes closer to my Workbook now.
Maybe you consider building your own Workbook based on your needs, I found it to be very useful and flexible.
@HerrKapitaen what a great idea!
Thx!!
This will be very helpful in day to day incident managing.
Amazing!
Awesome 😎
👍👍👍