You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/sentinel-solutions-deploy.md
+19-7Lines changed: 19 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,7 +18,9 @@ appliesto:
18
18
19
19
The Microsoft Sentinel Content hub is your centralized location to discover and manage out-of-the-box (built-in) content. There you find packaged solutions for end-to-end products by domain or industry. You have access to the vast number of standalone contributions hosted in our GitHub repository and feature blades.
20
20
21
-
- Discover solutions and standalone content with a consistent set of filtering capabilities based on status, content type, support, provider, and category.
21
+
- Discover solutions and standalone content using AI based search and filtering based on status, content type, support, provider, and category.
22
+
23
+
- Expand solutions to learn more about the content items that they comprise of, to better understand the value they provide.
22
24
23
25
- Install content in your workspace all at once or individually.
24
26
@@ -43,25 +45,35 @@ For more information about other roles and permissions supported for Microsoft S
43
45
44
46
The content hub offers the best way to find new content or manage the solutions you already installed.
45
47
46
-
1. For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **Content management**, select **Content hub**.<br> For Microsoft Sentinel in the [Defender portal](https://security.microsoft.com/), select **Microsoft Sentinel** > **Content management** > **Content hub**.
48
+
- For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **Content management**, select **Content hub**.<br> For Microsoft Sentinel in the [Defender portal](https://security.microsoft.com/), select **Microsoft Sentinel** > **Content management** > **Content hub**.
47
49
48
50
The **Content hub** page displays a searchable grid or a list of solutions and standalone content.
49
51
50
-
1. Filter the list displayed, either by selecting specific values from the filters, or entering any part of a content name or description in the **Search** field.
52
+
- Search for the solutions of standalone content items that you need. Either use the **AI search field** or filter by selecting specific values from the filters. Using AI search allows you to perform a fuzzy search and use approximate vocabulary. In the following example, you can see several solutions which include specific content items that match the search criteria.
51
53
52
54
For more information, see [Categories for Microsoft Sentinel out-of-the-box content and solutions](sentinel-solutions.md#categories-for-microsoft-sentinel-out-of-the-box-content-and-solutions).
53
55
54
-
1. Select the **Card view** to view more information about a solution.
55
56
56
-
Each content item shows categories that apply to it, and solutions show the types of content included. For example, in the following image, the **Cisco Umbrella** solution lists one of its categories as **Security - Cloud Security**, and indicates it includes a data connector, analytics rules, hunting queries, playbooks, and more.
57
+
> [!IMPORTANT]
58
+
> Make sure you press enter to execute the search based on your search string.
59
+
>
60
+
> The number of search results is limited to 50 items, including solutions and content items found within solutions. If you did not find what you are looking for, try to refine your search expression or use additional filters.
61
+
>
57
62
63
+
- Select a solution from the list to view information about the solution as well as the types of content items it includes. For example, in the following image, the **Windows Security Events** solution indicates it includes two data connector, analytics rules, hunting queries, and playbooks.
58
64
59
-
#### [Azure portal](#tab/azure-portal)
65
+
#### [Azure portal](#tab/azure-portal)
60
66
:::image type="content" source="./media/sentinel-solutions-deploy/solutions-list.png" alt-text="Screenshot of the Microsoft Sentinel content hub in the Azure portal.":::
61
67
62
68
#### [Defender portal](#tab/defender-portal)
63
69
:::image type="content" source="./media/sentinel-solutions-deploy/solutions-list-defender.png" alt-text="Screenshot of the Microsoft Sentinel content hub in the Defender portal.":::
64
70
71
+
- Expand a solution in the result set using the arrow on the left side to view the list of content items it includes. The information pane on the left presents detailed information about the content item.
72
+
73
+
> [!NOTE]
74
+
> Iif you want to use a content item which is part of a solution, you still need to install the entire solution. Therefore there is an “install solution” button on the information panel of the content item, which will install the solution the content item is part of.
75
+
>
76
+
65
77
66
78
## Install or update content
67
79
@@ -222,4 +234,4 @@ In this document, you learned how to find and deploy built-in solutions and stan
222
234
223
235
Many solutions include data connectors that you need to configure so that you can start ingesting your data into Microsoft Sentinel. Each data connector has its own set of requirements that are detailed on the data connector page in Microsoft Sentinel.
224
236
225
-
For more information, see [Connect your data source](data-connectors-reference.md).
237
+
For more information, see [Connect your data source](data-connectors-reference.md).
0 commit comments