You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/whats-new.md
+36Lines changed: 36 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -27,6 +27,42 @@ If you're looking for items older than six months, you'll find them in the [Arch
27
27
>
28
28
> You can also contribute! Join us in the [Microsoft Sentinel Threat Hunters GitHub community](https://github.com/Azure/Azure-Sentinel/wiki).
29
29
30
+
## June 2022
31
+
32
+
-[Microsoft Purview Data Loss Prevention (DLP) integration in Microsoft Sentinel (Preview)](#microsoft-purview-data-loss-prevention-dlp-integration-in-microsoft-sentinel-preview)
33
+
-[Incident update trigger for automation rules (Preview)](#incident-update-trigger-for-automation-rules-preview)
34
+
35
+
### Microsoft Purview Data Loss Prevention (DLP) integration in Microsoft Sentinel (Preview)
36
+
37
+
[Microsoft 365 Defender integration with Microsoft Sentinel](microsoft-365-defender-sentinel-integration.md) now includes the integration of Microsoft Purview DLP alerts and incidents in Microsoft Sentinel's incidents queue.
38
+
39
+
With this feature, you will be able to do the following:
40
+
41
+
- View all DLP alerts grouped under incidents in the Microsoft 365 Defender incident queue.
42
+
43
+
- View intelligent inter-solution (DLP-MDE, DLP-MDO) and intra-solution (DLP-DLP) alerts correlated under a single incident.
44
+
45
+
- Retain DLP alerts and incidents for **180 days**.
46
+
47
+
- Hunt for compliance logs along with security logs under Advanced Hunting.
48
+
49
+
- Take in-place administrative remediation actions on users, files, and devices.
50
+
51
+
- Associate custom tags to DLP incidents and filter by them.
52
+
53
+
- Filter the unified incident queue by DLP policy name, tag, Date, service source, incident status, and user.
54
+
55
+
In addition to the native experience in the Microsoft 365 Defender Portal, customers will also be able to use the one-click Microsoft 365 Defender connector to [ingest and investigate DLP incidents in Microsoft Sentinel](/microsoft-365/security/defender/investigate-dlp).
56
+
57
+
58
+
### Incident update trigger for automation rules (Preview)
59
+
60
+
Automation rules are an essential tool for triaging your incidents queue, reducing the noise in it, and generally coping with the high volume of incidents seamlessly and transparently. Until today you could create and run automation rules and playbooks that would run upon the creation of an incident, but your automation options were more limited past that point in the incident lifecycle.
61
+
62
+
You can now create automation rules and playbooks that will run when incident fields are modified - for example, when an owner is assigned, when its status or severity is changed, or when alerts and comments are added.
63
+
64
+
Learn more about the [update trigger in automation rules](automate-incident-handling-with-automation-rules.md).
65
+
30
66
## May 2022
31
67
32
68
-[Relate alerts to incidents](#relate-alerts-to-incidents-preview)
0 commit comments