What's New: Updated Azure Sentinel Documentation July Edition

Published Jul 26 2021 11:16 AM
Microsoft

A big thank you to the Azure Sentinel CxE team for helping make this happen and a big thank you to Batami Gold for putting the documents together and organizing them. 

 

A new effort has begun to create and publish content around commonly asked questions and best practices for using the product. As part of this, we have posted three new documents and updated several others, all of which are live now.

New documents:

Pre-deployment best practices (https://docs.microsoft.com/en-us/azure/sentinel/prerequisites): a checklist to work through during pre-deployment planning. It covers requirements, what to prioritize, and best practices for working with workspaces.

General best practices (https://docs.microsoft.com/en-us/azure/sentinel/best-practices): covers general topics such as which tasks to perform and how often to perform them, integrating Azure Sentinel with the other Microsoft security services, and incident response options.

Data collection best practices (https://docs.microsoft.com/en-us/azure/sentinel/best-practices-data): covers what to consider when collecting logs, whether through a built-in connector or a custom method.

To avoid duplicating information and producing long-running documents, some best practices live within the feature-specific documents for Azure Sentinel. Two examples are commonly used Azure Sentinel workbooks (https://docs.microsoft.com/en-us/azure/sentinel/top-workbooks) and cost and billing (https://docs.microsoft.com/en-us/azure/sentinel/azure-sentinel-billing). Both cover what is recommended and how to use the relevant features or methods in your Azure Sentinel environment. If you don't see something you expect, chances are it is covered in another document.

Updated content:

A few documents have been updated with new content to cover newly developed concepts or questions that have come up. An example is the costs and billing document (https://docs.microsoft.com/en-us/azure/sentinel/azure-sentinel-billing), which covers which data sources are free, which services generate cost when using Azure Sentinel, and options for cost management.
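As an added illustration of the cost-management angle (this query is not part of the original post or of the linked documentation), the following KQL, run in the workspace's Logs blade, splits the last 30 days of ingestion into billable and non-billable volume per table and shows each billable table's share of the total. It relies only on the standard Log Analytics Usage table; the lookback window is an assumption you can adjust.

```kql
// Added example: billable vs. non-billable ingestion per table over the last 30 days.
// Usage is the standard Log Analytics metering table. Quantity is reported in MB,
// and IsBillable is the Log Analytics metering flag for that data type.
let lookback = 30d;   // assumed window; change to suit your billing period
let billable_total_gb = toscalar(
    Usage
    | where TimeGenerated > ago(lookback) and IsBillable == true
    | summarize sum(Quantity) / 1024.0);
Usage
| where TimeGenerated > ago(lookback)
| summarize IngestedGB = round(sum(Quantity) / 1024.0, 2) by DataType, IsBillable
// Share of billable volume only makes sense for billable rows; leave the rest null.
| extend ShareOfBillablePct = iff(IsBillable, round(100.0 * IngestedGB / billable_total_gb, 1), real(null))
| sort by IsBillable desc, IngestedGB desc
```

Caveat: IsBillable reflects Log Analytics metering, not Azure Sentinel's own price list, so use the cost and billing document above as the authority for which data sources Sentinel treats as free. The query is still the quickest way to see which tables dominate your ingested volume before you tune connectors or retention.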

[Image: costsandbilling.gif]

Updated structure:

Along with the new content, the navigation pane has been reorganized for a better flow and easier navigation. Previously, documents had scenario-based titles and were grouped under topics that mixed different features in the same bucket. With the update, documents are broken into subtopics by feature, with the use case stated in the title. Going forward, new content and best practices will be placed under the feature topic to which they are most relevant.

[Image: docs.gif]

As mentioned, we will keep adding content and best practices to these documents over time, so please keep an eye on them. Go ahead and check out the new and updated content in the docs that are out today.

If there are topics that are not covered, or if you find content that is not helpful, not clear, or out of date, let us know in the comments here so that we can get the content created.

1 Comment
Regular Visitor

Hi there @Matt_Lowe

The API documentation for Sentinel rules appears to have disappeared. Is this to be replaced?
