what's new
18 Topics

What's New: Tags column is now available in Azure Sentinel incidents page!
Hello everyone, We are happy to share with you a small but important improvement we added to our incidents blade – a new tag column is now available as part of the Incidents list! Tags are an integral part of the triaging process so we are now exposing them in a new column of the incident list. This improvement allows users to get informed about the tags that are related to the incidents without having to pivot to the incident preview page or full details. Every second counts, right?
9.5K Views, 2 likes, 7 Comments

GITHUB - AI Sentinel attack simulation
The recent support for Model Context Protocol (MCP) with Claude Desktop has opened the door for some really useful testing capability with Sentinel and emerging threats. I'm happy to share with the community a GitHub project that demonstrates the use of MCP against current exploits to generate simulated attack data that can be used with testing migrated ASIM alert rules. MCP allows for up-to-date exploits to be queried... ... and with AI prompting, simulated attack events can be created against our Sentinel test environments. Which results in a simulated attack based on the exploit being referenced. This is really useful for testing the migration of our Sentinel alert rules to ASIM! The full code and details about the project are available here: https://laurierhodes.info/node/175115Views1like1Comment

Prerequisite for Defender for Endpoint and MMA agent installation
Dear All, We need to install the Defender for Endpoint agent and the latest MMA agent (Sentinel) in our environment. Kindly let me know the minimum permissions required for the service account for both: 1) Domain joined machine? 2) Non-domain joined machine? (What min. role is required for the service account? Is it local admin, or is any other min. role possible?)
454 Views, 1 like, 0 Comments