Commit e64ea46

Merge pull request #287224 from austinmccollum/patch-1
add schema mapping feature
2 parents 26d361c + e234db0 commit e64ea46

1 file changed

+15
-0
lines changed

articles/sentinel/whats-new.md

Lines changed: 15 additions & 0 deletions
@@ -20,12 +20,27 @@ The listed features were released in the last three months. For information abou
2020

2121
## September 2024
2222

23+
- [Schema mapping added to the SIEM migration experience](#schema-mapping-added-to-the-siem-migration-experience)
2324
- [Third-party enrichment widgets to be retired in February 2025](#third-party-enrichment-widgets-to-be-retired-in-february-2025)
2425
- [Azure reservations now have pre-purchase plans available for Microsoft Sentinel](#pre-purchase-plans-now-available-for-microsoft-sentinel)
2526
- [Import/export of automation rules now generally available (GA)](#importexport-of-automation-rules-now-generally-available-ga)
2627
- [Google Cloud Platform data connectors are now generally available (GA)](#google-cloud-platform-data-connectors-are-now-generally-available-ga)
2728
- [Microsoft Sentinel now generally available (GA) in Azure Israel Central](#microsoft-sentinel-now-generally-available-ga-in-azure-israel-central)
2829

30+
### Schema mapping added to the SIEM migration experience
31+
32+
Since the SIEM migration experience became generally available in May 2024, steady improvements have been made to help migrate your security monitoring from Splunk. The following new features let customers provide more contextual details about their Splunk environment and usage to the Microsoft Sentinel SIEM Migration translation engine:
33+
34+
- Schema Mapping
35+
- Support for Splunk Macros in translation
36+
- Support for Splunk Lookups in translation
37+
38+
To learn more about these updates, see [SIEM migration experience](siem-migration.md).
39+
40+
For more information about the SIEM migration experience, see the following articles:
41+
- [Become a Microsoft Sentinel ninja - migration section](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-ninja-the-complete-level-400/ba-p/1246310#toc-hId-111398316)
42+
- [SIEM migration update - Microsoft Sentinel blog](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/siem-migration-update-now-migrate-with-contextual-depth-in/ba-p/4241234)
43+
2944
### Third-party enrichment widgets to be retired in February 2025
3045

3146
Effective immediately, you can no longer enable the feature to create enrichment widgets that retrieve data from external, third-party data sources. These widgets are displayed on Microsoft Sentinel entity pages and in other locations where entity information is presented. This change is happening because you can no longer create the Azure key vault required to access these external data sources.
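Review bot: The new bullet "- Schema Mapping" (added line 34) uses title case, while the section heading and the table-of-contents entry added in the same hunk both write "Schema mapping"; use sentence case in the bullet so the three match. The heading names only schema mapping although the section announces three features (Splunk macros and lookups as well), so either widen the heading or say in the intro sentence that schema mapping is the headline item. The two closing pointers ("To learn more about these updates, see ..." on line 38 and "For more information about the SIEM migration experience, see the following articles:" on line 40) overlap and would read better merged into a single list. The first external link depends on a generated fragment, `#toc-hId-111398316`, which may stop resolving if the blog post is edited; linking to the post without the fragment is safer.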
