Over the past several days, our teams at Microsoft have worked feverishly to put together guidance and content to help customers impacted by the SolarWinds hack.
Specific to Azure Sentinel, see: How to Use Azure Sentinel to Detect SolarWinds SUNBURST
In addition to supplying Analytics Rules, a Workbook, and a Notebook for customers to deploy and use in their own environments, Microsoft also auto-deployed the Analytics Rules to Azure Sentinel customers.
This has also led to the release of a new and necessary feature that may seem small but is hugely significant, and has been a big ask from a number of customers.
In the Analytics Rules blade, on the Templates tab, there is now a clear indicator when new rules have been made available.
Personally, I still recommend using the GitHub RSS feed for the Azure Sentinel repo to get a better overall understanding of when new things are released or are upcoming.
The RSS feed: https://github.com/Azure/Azure-Sentinel/commits/master.atom