articles/sentinel/whats-new-archive.md (47 lines changed: 47 additions & 0 deletions)
@@ -25,6 +25,53 @@ Noted features are currently in PREVIEW. The [Azure Preview Supplemental Terms](
25
25
> You can also contribute! Join us in the [Azure Sentinel Threat Hunters GitHub community](https://github.com/Azure/Azure-Sentinel/wiki).
26
26
27
27
28
+
## October 2021
29
+
30
+
-[Windows Security Events connector using Azure Monitor Agent now in GA](#windows-security-events-connector-using-azure-monitor-agent-now-in-ga)
31
+
-[Defender for Office 365 events now available in the Microsoft 365 Defender connector (Public preview)](#defender-for-office-365-events-now-available-in-the-microsoft-365-defender-connector-public-preview)
32
+
-[Playbook templates and gallery now available (Public preview)](#playbook-templates-and-gallery-now-available-public-preview)
33
+
-[Template versioning for your scheduled analytics rules (Public preview)](#manage-template-versions-for-your-scheduled-analytics-rules-public-preview)
### Windows Security Events connector using Azure Monitor Agent now in GA
37
+
38
+
The new version of the Windows Security Events connector, based on the Azure Monitor Agent, is now generally available. For more information, see [Connect to Windows servers to collect security events](connect-windows-security-events.md?tabs=AMA).
39
+
40
+
### Defender for Office 365 events now available in the Microsoft 365 Defender connector (Public preview)
41
+
42
+
In addition to those from Microsoft Defender for Endpoint, you can now ingest raw [advanced hunting events](/microsoft-365/security/defender/advanced-hunting-overview) from [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/overview) through the [Microsoft 365 Defender connector](connect-microsoft-365-defender.md). [Learn more](microsoft-365-defender-sentinel-integration.md#advanced-hunting-event-collection).
43
+
44
+
### Playbook templates and gallery now available (Public preview)
45
+
46
+
A playbook template is a pre-built, tested, and ready-to-use workflow that can be customized to meet your needs. Templates can also serve as a reference for best practices when developing playbooks from scratch, or as inspiration for new automation scenarios.
47
+
48
+
Playbook templates have been developed by the Sentinel community, independent software vendors (ISVs), and Microsoft's own experts, and you can find them in the **Playbook templates** tab (under **Automation**), as part of an [Azure Sentinel solution](sentinel-solutions.md), or in the [Azure Sentinel GitHub repository](https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks).
49
+
50
+
For more information, see [Create and customize playbooks from built-in templates](use-playbook-templates.md).
51
+
52
+
### Manage template versions for your scheduled analytics rules (Public preview)
53
+
54
+
When you create analytics rules from [built-in Azure Sentinel rule templates](detect-threats-built-in.md), you effectively create a copy of the template. Past that point, the active rule is ***not*** dynamically updated to match any changes that get made to the originating template.
55
+
56
+
However, rules created from templates ***do*** remember which templates they came from, which allows you two advantages:
57
+
58
+
- If you made changes to a rule when creating it from a template (or at any time after that), you can always revert the rule back to its original version (as a copy of the template).
59
+
60
+
- If a template is updated, you'll be notified and you can choose to update your rules to the new version of their templates, or leave them as they are.
61
+
62
+
[Learn how to manage these tasks](manage-analytics-rule-templates.md), and what to keep in mind. These procedures apply to any [Scheduled](detect-threats-built-in.md#scheduled) analytics rules created from templates.
63
+
64
+
### DHCP normalization schema (Public preview)
65
+
66
+
The Advanced Security Information Model (ASIM) now supports a DHCP normalization schema, which is used to describe events reported by a DHCP server and is used by Azure Sentinel to enable source-agnostic analytics.
67
+
68
+
Events described in the DHCP normalization schema include serving requests for DHCP IP address leased from client systems and updating a DNS server with the leases granted.
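Review bot: The link list under "## October 2021" has four entries, but the added section carries five `###` headings; "DHCP normalization schema (Public preview)" at the end of the hunk has no entry. Add one targeting `#dhcp-normalization-schema-public-preview`, following the anchor pattern of the other entries. The fourth entry's text, "Template versioning for your scheduled analytics rules (Public preview)", also differs from the heading it links to, "Manage template versions for your scheduled analytics rules (Public preview)"; make the link text match the heading. The DHCP section is the only one of the five without a link to further documentation, so consider pointing it at the schema reference if one exists.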
articles/sentinel/whats-new.md (47 lines changed: 0 additions & 47 deletions)
@@ -655,53 +655,6 @@ The **Microsoft Sentinel Deception** solution includes a workbook to help you de
655
655
656
656
For more information, see [Deploy and monitor Azure Key Vault honeytokens with Microsoft Sentinel (Public preview)](monitor-key-vault-honeytokens.md).
657
657
658
-
## October 2021
659
-
660
-
-[Windows Security Events connector using Azure Monitor Agent now in GA](#windows-security-events-connector-using-azure-monitor-agent-now-in-ga)
661
-
-[Defender for Office 365 events now available in the Microsoft 365 Defender connector (Public preview)](#defender-for-office-365-events-now-available-in-the-microsoft-365-defender-connector-public-preview)
662
-
-[Playbook templates and gallery now available (Public preview)](#playbook-templates-and-gallery-now-available-public-preview)
663
-
-[Template versioning for your scheduled analytics rules (Public preview)](#manage-template-versions-for-your-scheduled-analytics-rules-public-preview)
### Windows Security Events connector using Azure Monitor Agent now in GA
667
-
668
-
The new version of the Windows Security Events connector, based on the Azure Monitor Agent, is now generally available. For more information, see [Connect to Windows servers to collect security events](connect-windows-security-events.md?tabs=AMA).
669
-
670
-
### Defender for Office 365 events now available in the Microsoft 365 Defender connector (Public preview)
671
-
672
-
In addition to those from Microsoft Defender for Endpoint, you can now ingest raw [advanced hunting events](/microsoft-365/security/defender/advanced-hunting-overview) from [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/overview) through the [Microsoft 365 Defender connector](connect-microsoft-365-defender.md). [Learn more](microsoft-365-defender-sentinel-integration.md#advanced-hunting-event-collection).
673
-
674
-
### Playbook templates and gallery now available (Public preview)
675
-
676
-
A playbook template is a pre-built, tested, and ready-to-use workflow that can be customized to meet your needs. Templates can also serve as a reference for best practices when developing playbooks from scratch, or as inspiration for new automation scenarios.
677
-
678
-
Playbook templates have been developed by the Sentinel community, independent software vendors (ISVs), and Microsoft's own experts, and you can find them in the **Playbook templates** tab (under **Automation**), as part of an [Azure Sentinel solution](sentinel-solutions.md), or in the [Azure Sentinel GitHub repository](https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks).
679
-
680
-
For more information, see [Create and customize playbooks from built-in templates](use-playbook-templates.md).
681
-
682
-
### Manage template versions for your scheduled analytics rules (Public preview)
683
-
684
-
When you create analytics rules from [built-in Azure Sentinel rule templates](detect-threats-built-in.md), you effectively create a copy of the template. Past that point, the active rule is ***not*** dynamically updated to match any changes that get made to the originating template.
685
-
686
-
However, rules created from templates ***do*** remember which templates they came from, which allows you two advantages:
687
-
688
-
- If you made changes to a rule when creating it from a template (or at any time after that), you can always revert the rule back to its original version (as a copy of the template).
689
-
690
-
- If a template is updated, you'll be notified and you can choose to update your rules to the new version of their templates, or leave them as they are.
691
-
692
-
[Learn how to manage these tasks](manage-analytics-rule-templates.md), and what to keep in mind. These procedures apply to any [Scheduled](detect-threats-built-in.md#scheduled) analytics rules created from templates.
693
-
694
-
### DHCP normalization schema (Public preview)
695
-
696
-
The Advanced Security Information Model (ASIM) now supports a DHCP normalization schema, which is used to describe events reported by a DHCP server and is used by Azure Sentinel to enable source-agnostic analytics.
697
-
698
-
Events described in the DHCP normalization schema include serving requests for DHCP IP address leased from client systems and updating a DNS server with the leases granted.
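Review bot: The five `###` headings deleted in this hunk take their anchors out of whats-new.md, so any link elsewhere in the docs set that targets a `whats-new.md#...` fragment for an October 2021 item (for example `#playbook-templates-and-gallery-now-available-public-preview`) will stop resolving. Search the repository for those fragments and repoint them at whats-new-archive.md in the same commit, so the move does not leave broken cross-references.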