Announcing Microsoft Sentinel All-in-One v2


Guest Javier Soriano
Posted

More than 2 years ago, we announced the first version of Microsoft Sentinel All-in-One. Today, we’re happy to announce a new revamped version that includes all the latest advancements in the product.

Microsoft Sentinel All-in-One is aimed at helping customers and partners quickly set up a full-fledged, ready-to-use Microsoft Sentinel environment. It speeds up deployment and initial configuration to a few clicks, saving time and simplifying Microsoft Sentinel setup.

What's new

This new version automates the following steps:

  • Creates resource group
  • Creates Log Analytics workspace
  • Enables Microsoft Sentinel on top of the workspace
  • Sets workspace retention, daily cap and commitment tiers if desired
  • Enables UEBA with the relevant identity providers (AAD and/or AD)
  • Enables health diagnostics for Analytics Rules, Data Connectors and Automation Rules
  • Installs Content Hub solutions from a predefined list
  • Enables Data Connectors from this list:
    • Azure Active Directory
    • Azure Active Directory Identity Protection
    • Azure Activity
    • Dynamics 365
    • Microsoft 365 Defender
    • Microsoft Defender for Cloud
    • Microsoft Insider Risk Management
    • Microsoft Power BI
    • Microsoft Project
    • Office 365
    • Threat Intelligence Platforms
  • Enables analytics rules (Scheduled and NRT) included in the selected Content Hub solutions
  • Enables analytics rules (Scheduled and NRT) that use any of the selected Data connectors

You can see a brief demo here:

[Demo GIF]

Getting started

You can find this new version at Azure-Sentinel/Tools/Sentinel-All-In-One at master · Azure/Azure-Sentinel.

The only things you need to start using Microsoft Sentinel All-in-One are an Azure subscription and an account with permissions to deploy Microsoft Sentinel. Higher privileges might be required if you wish to enable UEBA and some of the supported connectors. You can find details about the required permissions here.

You can deploy directly from here:

[Image]

Go ahead and give it a try! We look forward to hearing your feedback about this new version.
