You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/sentinel-solutions-deploy.md
+14-11Lines changed: 14 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -32,7 +32,7 @@ For more information about other roles and permissions supported for Microsoft S
32
32
33
33
## Discover content
34
34
35
-
The content hub offers the best way to find new content or manage the solutions you already installed.
35
+
The content hub offers the best way to find new content or manage the solutions you already installed.
36
36
37
37
1. For Microsoft Sentinel in the [Azure portal](https://portal.microsoft.com), under **Content management**, select **Content hub**.
38
38
@@ -44,17 +44,18 @@ The content hub offers the best way to find new content or manage the solutions
44
44
45
45
1. Select the **Card view** to view more information about a solution.
46
46
47
-
If a solution that you deployed has updates since you last deployed it, the list view shows **Update** in the status column. The solution is also included in the **Updates** count at the top of the page.
48
-
49
-
Each content item shows categories that apply to it, and solutions show the types of content included.
50
-
For example, in the following image, the **Cisco Umbrella** solution lists one of its categories as **Security - Cloud Security**, and indicates it includes a data connector, analytics rules, hunting queries, playbooks, and more.
47
+
Each content item shows categories that apply to it, and solutions show the types of content included. For example, in the following image, the **Cisco Umbrella** solution lists one of its categories as **Security - Cloud Security**, and indicates it includes a data connector, analytics rules, hunting queries, playbooks, and more.
51
48
52
-
:::image type="content" source="./media/sentinel-solutions-deploy/solutions-list.png" alt-text="Screenshot of the Microsoft Sentinel content hub.":::
49
+
:::image type="content" source="./media/sentinel-solutions-deploy/solutions-list.png" alt-text="Screenshot of the Microsoft Sentinel content hub.":::
53
50
54
51
55
52
## Install or update content
56
53
57
-
Standalone content and solutions can be installed individually or all together in bulk. For more information on bulk operations, see [Bulk install and update content](#bulk-install-and-update-content) in the next section. Here's an example showing the install of an individual solution.
54
+
Install standalone content and solutions individually or all together in bulk. For more information on bulk operations, see [Bulk install and update content](#bulk-install-and-update-content) in the next section.
55
+
56
+
If a solution that you deployed has updates since you last deployed it, the list view shows **Update** in the status column. The solution is also included in the **Updates** count at the top of the page.
57
+
58
+
Here's an example showing the install of an individual solution.
58
59
59
60
1. In the **Content hub**, search for and select the solution.
60
61
@@ -67,17 +68,18 @@ Standalone content and solutions can be installed individually or all together i
67
68
68
69
1. Select **Next** to go through the remaining tabs to learn about, and in some cases configure, each of the content components.
69
70
70
-
The tabs displayed correspond with the content offered by the solution. Different solutions might have different types of content, so you might not see all the same tabs in every solution.
71
+
The tabs correspond with the content offered by the solution. Different solutions might have different types of content, so you might not see the same tabs in every solution.
71
72
72
73
You might also be prompted to enter credentials to a third party service so that Microsoft Sentinel can authenticate to your systems. For example, with playbooks, you might want to take response actions as prescribed in your system.
73
74
74
-
1. Finally, in the **Review + create** tab, wait for the `Validation Passed` message, then select **Create** or **Update** to deploy the solution. You can also select the **Download a template for automation** link to deploy the solution as code.
75
+
1. In the **Review + create** tab, wait for the `Validation Passed` message.
76
+
1. Select **Create** or **Update** to deploy the solution. You can also select the **Download a template for automation** link to deploy the solution as code.
75
77
76
-
1.Each content type within the solution might require more steps to configure. For more information, see [Enable content items in a solution](#enable-content-items-in-a-solution).
78
+
Each content type within the solution might require more steps to configure. For more information, see [Enable content items in a solution](#enable-content-items-in-a-solution).
77
79
78
80
## Bulk install and update content
79
81
80
-
Content hub supports a list view in addition to the default card view. Select list view to install multiple solutions and standalone content all at once. Standalone content is kept up-to-date automatically. Any active or custom content created based on solutions or standalone content installed from content hub remains untouched.
82
+
Content hub supports a list view in addition to the default card view. Select the list view to install multiple solutions and standalone content all at once. Standalone content is kept up-to-date automatically. Any active or custom content created based on solutions or standalone content installed from content hub remains untouched.
81
83
82
84
1. To install or update items in bulk, change to the list view.
83
85
1. Search for or filter to find the content that you want to install or update in bulk.
@@ -139,6 +141,7 @@ Run the provided hunting query or customize it.
139
141
:::image type="content" source="media/sentinel-solutions-deploy/manage-solution-hunting-query.png" alt-text="Screenshot of cloned hunting query content item in solution for Azure Activity." lightbox="media/sentinel-solutions-deploy/manage-solution-hunting-query.png":::
140
142
141
143
1. To customize your hunting query, select the link in the **Content name** column.
144
+
142
145
From the hunting gallery, you can create a clone of the read-only hunting query template by going to the ellipses menu. Hunting queries created in this way display as items in the content hub **Created content** column.
0 commit comments