I am happy to announce that Azure Sentinel is now GA, that is, Generally Available! The "preview" label has disappeared.
You can now find:
- The announcement press release
- An updated product page; you might be particularly interested in the pricing information
- Updated documentation for the features we released towards GA
We are also hosting a virtual event tomorrow to update you all. You are most welcome to register.
Since this is a tech blog, you are probably more interested in what's new. Most of the features announced with GA were already available in the portal, as we rolled them out over the last couple of weeks. With GA, full documentation for them is now out.
Among the new features are:
- Workbooks replace dashboards, providing richer analytics and visualizations
- New Microsoft and third-party connectors
- Detection and hunting:
  - Out-of-the-box detection rules: the detection rules previously published on GitHub are now built into Sentinel.
  - Easy elevation of MTP (Microsoft Threat Protection) alerts to Sentinel incidents.
  - Built-in detection rules that use the threat intelligence connector.
  - New ML models that discover malicious SSH access, and Fusion, which fuses identity and access data to detect 35 unique threats spanning multiple stages of the kill chain. Fusion is now on by default and managed through the UI.
- Template playbooks now available on GitHub.
- New threat hunting queries and libraries for Jupyter notebooks.