How to Add the New Azure Sentinel Hunting Columns for MITRE Techniques, Results Delta, and Results Delta Percentage

Those sneaky Azure Sentinel engineers!

A few new data points have shown up in the Azure Sentinel console, specifically in the Hunting section. These data points are available as new columns in the Hunting display and include:

MITRE ATT&CK Techniques – This is the more specific technique that’s associated with the base tactic. You can find the tactics and techniques at:

Results Delta and Results Delta Percentage – In the past, an Azure Sentinel hunting analyst would need to manually keep track of hunting query result spikes. With these two new data points, tracking is done for you. They will surface any spikes in the last 24-48 hours. These are split into two types of displays (raw numbers versus percentage) so you can select the one you like best. Or, heck, if you have a really wide display and can comfortably accommodate more columns of data without being crowded, choose both.

To enable these, just tap or click the Columns option in the menu, choose the new columns and Apply the new settings.

I believe the Results Delta options are enabled by default, but you’ll definitely need to enable the MITRE Technique.

Add the new columns of data

