articles/sentinel/soc-optimization/soc-optimization-reference.md
Lines changed: 7 additions & 9 deletions
@@ -23,10 +23,8 @@ Use SOC optimization recommendations to help you close coverage gaps against spe
23
23
24
24
Microsoft Sentinel SOC optimizations include the following types of recommendations:
25
25
26
-
-**Threat-based recommendations** suggest adding security controls that help you close coverage gaps.
27
-
28
26
-**Data value recommendations** suggest ways to improve your data use, such as a better data plan for your organization.
29
-
27
+
-**Threat-based recommendations** suggest adding security controls that help you close coverage gaps.
30
28
-**Similar organizations recommendations** suggest ingesting data from the types of sources used by organizations which have similar ingestion trends and industry profiles to yours.
31
29
32
30
This article provides a detailed reference of the types of SOC optimization recommendations available.
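Review bot: the **Data value recommendations** context line in this hunk has no leading `- ` list marker, whereas the moved **Threat-based recommendations** line and the **Similar organizations recommendations** line below it both do; now that the blank lines between items are gone, a marker mismatch would split the list, so confirm all three items start with `- `. The new order (data value, threat-based, similar organizations) matches the order in which the corresponding sections appear later in this article, which is the right call.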
@@ -35,7 +33,7 @@ This article provides a detailed reference of the types of SOC optimization reco
35
33
36
34
## Data value optimization recommendations
37
35
38
-
To optimize your cost/security value ratio, SOC optimization surfaces hardly used data connectors or tables, and suggests ways to either reduce the cost of a table or improve its value, depending on your coverage. This type of optimization is also called *data value optimization*.
36
+
To optimize your cost/security value ratio, SOC optimization surfaces hardly used data connectors or tables. SOC optimization suggests ways to either reduce the cost of a table or improve its value, depending on your coverage. This type of optimization is also called *data value optimization*.
39
37
40
38
Data value optimizations only look at billable tables that ingested data in the past 30 days.
41
39
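Review bot: "hardly used data connectors or tables" survives the split and is ambiguous (it can read as "used with difficulty"); "rarely used" or "infrequently used" says what is meant, and the same phrase is copied into the new whats-new entry in this commit, so fix both. Splitting the sentence also leaves two consecutive sentences opening with "SOC optimization"; consider "It suggests ways to either reduce the cost of a table or improve its value, depending on your coverage." for the second one.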
@@ -55,7 +53,7 @@ SOC optimization also surfaces unused columns in your tables. The following tabl
55
53
56
54
| Type of observation | Action |
57
55
|---------|---------|
58
-
| The **ConditionalAccessPolicies** column in the **SignInLogs** table or the **AADNonInteractiveUserSignInLogs** table is not in use. | Stop data ingestion for the column. |
56
+
| The **ConditionalAccessPolicies** column in the **SignInLogs** table or the **AADNonInteractiveUserSignInLogs** table isn't in use. | Stop data ingestion for the column. |
59
57
60
58
61
59
> [!IMPORTANT]
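Review bot: the table name in this row is written **SignInLogs**, but the Log Analytics table for Microsoft Entra sign-in logs is `SigninLogs` (lowercase i); readers will look the column up in the workspace schema, so correct the casing while touching this line. The action cell, "Stop data ingestion for the column.", gives no pointer to how that is done; a link to the procedure (a data collection rule transformation, for example) would make the row actionable. The `is not` to `isn't` change itself is fine.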
@@ -79,17 +77,17 @@ The following table lists the available types of threat-based SOC optimization r
79
77
80
78
## Similar organizations recommendations
81
79
82
-
SOC optimization uses advanced machine learning to identify tables that are missing from your workspace, but are used by organizations with similar ingestion trends and industry profiles to yours. It shows how other organizations use these tables and recommends to you the relevant data sources, along with related rules, to improve your security coverage.
80
+
SOC optimization uses advanced machine learning to identify tables that are missing from your workspace, but are used by organizations with similar ingestion trends and industry profiles. It shows how other organizations use these tables and recommends the relevant data sources, along with related rules, to improve your security coverage.
83
81
84
82
| Type of observation | Action |
85
83
|---------|---------|
86
-
| Log sources ingested by similar customers are missing | Connect the suggested data sources. <br><br>This recommendation doesn't include: <ul><li>Custom connectors<li>Custom tables<li>Tables that are ingested by fewer than 10 workspaces <li>Tables that contain multiple log sources, like the `Syslog` or `CommonSecurityLog` tables |
84
+
| Log sources ingested by similar customers are missing | Connect the suggested data sources. <br><br>This recommendation doesn't include: <ul><li>Custom connectors<li>Custom tables<li>Tables ingested by fewer than 10 workspaces <li>Tables that contain multiple log sources, like the `Syslog` or `CommonSecurityLog` tables |
87
85
88
86
### Considerations
89
87
90
-
- Not all workspaces get similar organizations recommendations. A workspace receives these recommendations only if our machine learning model identifies significant similarities with other organizations and discovers tables that they have but you don't. SOCs in their early or onboarding stages are generally more likely to receive these recommendations than SOCs with a higher level of maturity.
88
+
- Not all workspaces get similar organizations recommendations. A workspace receives these recommendations only if our machine learning model identifies significant similarities with other organizations and discovers tables that they have but you don't. SOCs in their early or onboarding stages are more likely to receive these recommendations than SOCs with a higher level of maturity.
91
89
92
-
- Recommendations are based on machine learning models that rely solely on Organizational Identifiable Information (OII) and system metadata. The models never access or analyze the content of customer logs or ingest them at any point. No customer data, content, or End User Identifiable Information (EUII) is exposed to the analysis.
90
+
- Recommendations are based on machine learning models that rely solely on Organizational Identifiable Information (OII) and system metadata. The models never access or analyze the content of customer logs or ingest them at any point. No customer data, content, or personal data (EUII) is exposed to the analysis.
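Review bot: dropping "to yours" from "organizations with similar ingestion trends and industry profiles" (the first `+` line in this hunk) removes the referent, so the sentence no longer says similar to what; keep "similar to yours" or rephrase as "organizations whose ingestion trends and industry profile resemble yours". In the last `+` line, "personal data (EUII)" pairs the acronym with words it doesn't abbreviate; if "personal data" is the preferred term, either expand EUII once (End User Identifiable Information) or drop the parenthetical. The tightening of "Tables that are ingested" and "generally more likely" reads fine.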
articles/sentinel/whats-new.md
Lines changed: 5 additions & 1 deletion
@@ -4,7 +4,7 @@ description: Learn about the latest new features and announcement in Microsoft S
4
4
author: batamig
5
5
ms.author: bagol
6
6
ms.topic: concept-article
7
-
ms.date: 04/01/2025
7
+
ms.date: 04/28/2025
8
8
9
9
#Customer intent: As a security team member, I want to stay updated on the latest features and enhancements in Microsoft Sentinel so that I can effectively manage and optimize my organization's security posture.
10
10
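Review bot: the hunk header context shows the page description reads "latest new features and announcement in Microsoft S…"; "announcements" (plural) would agree with "features", and since this hunk already touches the front matter (`ms.date: 04/28/2025`) it is the natural place to fix it.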
@@ -58,6 +58,10 @@ For more information, see the following articles:
58
58
-[Threat intelligence in Microsoft Sentinel](understand-threat-intelligence.md)
59
59
-[Work with STIX objects and indicators to enhance threat intelligence and threat hunting in Microsoft Sentinel (Preview)](work-with-stix-objects-indicators.md)
60
60
61
+
62
+
### SOC optimization support for unused columns (Preview)
63
+
To optimize your cost/security value ratio, SOC optimization surfaces hardly used data connectors or tables. SOC optimization now surfaces unused columns in your tables. For more information, see [SOC optimization reference of recommendations](soc-optimization/soc-optimization-reference.md#unused-columns-preview).
64
+
61
65
## March 2025
62
66
63
67
-[Agentless connection to SAP now in public preview](#agentless-connection-to-sap-now-in-public-preview)
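Review bot: the first sentence of the new entry ("To optimize your cost/security value ratio, SOC optimization surfaces hardly used data connectors or tables.") repeats the existing data value optimization lead from the reference article and is not the news; open with the new capability instead, for example "SOC optimization now surfaces unused columns in your tables, helping you optimize your cost/security value ratio." Also verify that the link target `soc-optimization/soc-optimization-reference.md#unused-columns-preview` resolves: the reference-article hunks in this commit show the unused-columns table but not the heading that generates that anchor, so a heading titled exactly "Unused columns (Preview)" must exist there for the link to work.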