|
Host Microsoft Defender data locally in Switzerland. We are pleased to announce that local data residency support in Switzerland is now generally available for Defender for Endpoint and Defender for Identity.
|
|
Create custom detections that include both Microsoft Sentinel and Defender XDR data. With the Unified Security Operations Platform, you can now use Custom detections to create a customizable detection that looks across both Microsoft Sentinel and Defender XDR data without requiring any additional ingestion. You no longer have to duplicate data across both environments to ensure you are capturing what is necessary. Analytics rules will continue to work on any data ingested into Microsoft Sentinel. Learn more in our documentation. |
|
The advanced hunting query API via Graph API is now available for Log Analytics data! A new optional parameter, "timespan", was added to the Graph API; it allows you to query your Log Analytics data for any lookback time, not only for 30 days. This new parameter is not yet documented, but will be added at this link.
|
|
SOC optimization: unlock the power of precision-driven security management.
Microsoft Sentinel's SOC optimization, a new experience and API designed to empower security teams with precision-driven management capabilities, is currently in public preview. Read the announcement blog, and watch the webinar with a live demo.
SOC optimization - Unified Security Operations Platform
|
|
New Ninja show episodes:
- New Defender XDR Copilot for Security Capabilities: Tune into this episode to learn the latest advancements, now available in the April release of Copilot for Security GA. We dive into the notable enhancements and new features, such as Guided Response for all incident types, comprehensive device and file summaries, end-user communications, and much more.
- Answering Your Questions: Attack Disruption Explained: Attack Disruption is an automated response feature designed to contain an ongoing attack quickly and effectively by leveraging high-confidence signals from both Microsoft Defender and non-Microsoft products. This episode addresses the most frequently asked questions about Attack Disruption and clarifies how it works.
|