unified-secops-platform/whats-new.md
14 additions & 12 deletions
@@ -21,33 +21,35 @@ ms.topic: concept-article
21
21
22
22
This article lists recent features added for unified security operations in the Microsoft Defender portal.
23
23
24
+
24
25
## November 2025
25
26
26
27
### New Entity Behavior Analytics (UEBA) experiences in the Defender portal (Preview)
27
28
28
29
Microsoft Sentinel introduces new UEBA experiences in the Defender portal, bringing behavioral insights directly into key analyst workflows. These enhancements help analysts prioritize investigations and apply UEBA context more effectively.
29
30
30
-
#### Prioritize users with anomalies
31
+
#### Anomaly-focused user investigations
32
+
33
+
In the Defender portal, users with behavioral anomalies are automatically tagged with **UEBA Anomalies**, helping analysts quickly identify which users to prioritize.
34
+
35
+
Analysts can view the top three anomalies from the past 30 days in a dedicated Top UEBA anomalies section, available in:
31
36
32
-
Analysts can view the top three anomalies from the last 30 days in a dedicated section on the User entity page and side panel, available in:
33
37
- User side panels accessible from various portal locations.
34
-
- Overview tab of user entity pages.
35
-
- Direct links to anomalies queries and Sentinel events timeline.
38
+
- The **Overview** tab of user entity pages.
39
+
40
+
This section also includes direct links to anomaly queries and the Sentinel events timeline, enabling deeper investigation and faster context gathering.
36
41
37
-
#### Launch anomaly queries from incident graphs
42
+
#### Drilldown to user anomalies from incident graphs
38
43
39
-
Incident graphs include a built-in Go Hunt query for user anomalies:
40
-
- Accessible directly from the incident graph.
41
-
- Provides contextual UEBA results in the hunt pane.
42
-
- Enables immediate context and investigation expansion based on UEBA outcomes.
44
+
Analysts can quickly access all anomalies related to a user by selecting **Go Hunt > All user anomalies** from the incident graph. This built-in query provides immediate UEBA context to support deeper investigation.
43
45
44
-
#### Enrich Advanced Hunting and custom detection queries with behavior insights
46
+
#### Enriched advanced hunting and custom detections queries with behavior insights
45
47
46
-
Advanced hunting and custom detection experiences now include a contextual banner that suggests joining the UEBA Anomalies table to queries that include UEBA data sources. The banner appears when you query eligible tables that feed the UEBA engine.
48
+
Advanced hunting and custom detection experiences now include a contextual banner that prompts analysts to join the UEBA Anomalies table to queries that include UEBA data sources.
47
49
48
50
All features require UEBA to be enabled and are workspace-scoped to the currently selected workspace.
49
51
50
-
For more information, see [How UEBA empowers analysts and streamlines workflows](/azure/sentinel/identify-threats-with-entity-behavior-analytics.md#how-ueba-empowers-analysts-and-streamlines-workflows).
52
+
For more information, see [UEBA experiences in the Defender portal empower analysts and streamline workflows](/azure/sentinel/identify-threats-with-entity-behavior-analytics.md#ueba-experiences-in-the-defender-portal-empower-analysts-and-streamline-workflows).
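Review bot: the new heading at line 46, "#### Enriched advanced hunting and custom detections queries with behavior insights", reads "custom detections queries"; it should be "custom detection queries", matching the removed heading and the body sentence under it. The rewritten banner paragraph at line 48 also drops "The banner appears when you query eligible tables that feed the UEBA engine", which was the only statement of when the banner is shown, so consider keeping that sentence. At line 42, "Drilldown to user anomalies" uses the noun form as a verb; "Drill down to user anomalies" is the correct form. "Top UEBA anomalies" at line 35 is a UI label but is not bolded, unlike **UEBA Anomalies** and **Overview** in the same section. The link at line 52 now targets the anchor #ueba-experiences-in-the-defender-portal-empower-analysts-and-streamline-workflows, which only resolves if the heading in identify-threats-with-entity-behavior-analytics.md was renamed to match; that file is not part of this diff, so please confirm before merging.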