{"id":190,"date":"2023-01-19T22:45:51","date_gmt":"2023-01-19T20:45:51","guid":{"rendered":"https:\/\/www.jussimetso.com\/?p=190"},"modified":"2023-01-19T23:49:59","modified_gmt":"2023-01-19T21:49:59","slug":"sentinel-new-incident-experience","status":"publish","type":"post","link":"https:\/\/www.jussimetso.com\/index.php\/2023\/01\/19\/sentinel-new-incident-experience\/","title":{"rendered":"Sentinel &#8211; New incident experience"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div>\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"190\" class=\"elementor elementor-190\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d5b65f5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d5b65f5\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-99c501b\" data-id=\"99c501b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ee40759 elementor-toc--minimized-on-tablet elementor-widget elementor-widget-table-of-contents\" data-id=\"ee40759\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;exclude_headings_by_selector&quot;:[],&quot;headings_by_tags&quot;:[&quot;h2&quot;,&quot;h3&quot;,&quot;h4&quot;,&quot;h5&quot;,&quot;h6&quot;],&quot;marker_view&quot;:&quot;numbers&quot;,&quot;no_headings_message&quot;:&quot;No headings were found on this 
page.&quot;,&quot;minimize_box&quot;:&quot;yes&quot;,&quot;minimized_on&quot;:&quot;tablet&quot;,&quot;hierarchical_view&quot;:&quot;yes&quot;,&quot;min_height&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;min_height_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;min_height_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]}}\" data-widget_type=\"table-of-contents.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-toc__header\">\n\t\t\t\t\t\t<h4 class=\"elementor-toc__header-title\">\n\t\t\t\tTable of Contents\t\t\t<\/h4>\n\t\t\t\t\t\t\t\t\t\t<div class=\"elementor-toc__toggle-button elementor-toc__toggle-button--expand\" role=\"button\" tabindex=\"0\" aria-controls=\"elementor-toc__ee40759\" aria-expanded=\"true\" aria-label=\"Open table of contents\"><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/div>\n\t\t\t\t<div class=\"elementor-toc__toggle-button elementor-toc__toggle-button--collapse\" role=\"button\" tabindex=\"0\" aria-controls=\"elementor-toc__ee40759\" aria-expanded=\"true\" aria-label=\"Close table of contents\"><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<div id=\"elementor-toc__ee40759\" class=\"elementor-toc__body\">\n\t\t\t<div class=\"elementor-toc__spinner-container\">\n\t\t\t\t<i class=\"elementor-toc__spinner eicon-animation-spin eicon-loading\" aria-hidden=\"true\"><\/i>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2415947 elementor-widget elementor-widget-heading\" data-id=\"2415947\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">New 
incident experience<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ecfb165 elementor-widget elementor-widget-text-editor\" data-id=\"ecfb165\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Microsoft Sentinel is your bird&#8217;s-eye view across the enterprise, alleviating the stress of increasingly sophisticated attacks, increasing volumes of alerts, and long resolution time frames.<\/p><p>Microsoft has now published the new incident experience in Sentinel. The new incident page design, along with many new features both for investigation &amp; response and incident management, offers the analyst the information and tools necessary to understand the incident and the scope of breach while making navigation easy and context switching less frequent. New features include, among others: top insights, a new activity log for incident audits and a Log Analytics query window to investigate logs.<\/p><p><b style=\"color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif; background-color: var(--petite-stories-background);\">NOTE: THIS FEATURE IS IN PUBLIC PREVIEW AT THE TIME OF WRITING.<\/b><\/p><p><b style=\"color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif; background-color: var(--petite-stories-background);\">\u00a0<\/b><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2311d05 elementor-widget elementor-widget-heading\" data-id=\"2311d05\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Incident outlook experience<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div 
class=\"elementor-element elementor-element-6c8fcfd elementor-widget elementor-widget-text-editor\" data-id=\"6c8fcfd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Section 1 shows the incident details panel (as well as the comments field, not shown in the picture).<\/p><p>Section 2 shows the Overview, which includes triage and investigation tools.<\/p><p>Section 3 shows a preview of the entities; click an entity item to view its details.<\/p><p>Section 4 shows <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/investigate-incidents#similar-incidents-preview\" target=\"_blank\" rel=\"noopener\">similar incidents<\/a>.\u00a0<\/p><p>Section 5 shows the top insights.<\/p><p>Top insights are entity insights specifically chosen by Microsoft\u2019s security experts to give a quick view of the most important information about the entity \u2013 is it part of threat intelligence or watchlists, IP\u2019s remote connections, UEBA insights and more. Those insights can speed up triage and help you understand the nature of the incident and its entities better and faster. 
Deeper dive to more insights on each entity is provided in the entities tab.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b3b0563 elementor-widget elementor-widget-image\" data-id=\"b3b0563\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/sentinel_new_view.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"sentinel_new_view\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTk1LCJ1cmwiOiJodHRwczpcL1wvd3d3Lmp1c3NpbWV0c28uY29tXC93cC1jb250ZW50XC91cGxvYWRzXC8yMDIzXC8wMVwvc2VudGluZWxfbmV3X3ZpZXcucG5nIn0%3D\">\n\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"2048\" height=\"949\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/sentinel_new_view.png?fit=2048%2C949&amp;ssl=1\" class=\"attachment-2048x2048 size-2048x2048 wp-image-195\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/sentinel_new_view.png?w=3815&amp;ssl=1 3815w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/sentinel_new_view.png?resize=300%2C139&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/sentinel_new_view.png?resize=1024%2C475&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/sentinel_new_view.png?resize=768%2C356&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/sentinel_new_view.png?resize=1536%2C712&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/sentinel_new_view.png?resize=2048%2C949&amp;ssl=1 2048w, 
https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/sentinel_new_view.png?resize=850%2C394&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/sentinel_new_view.png?w=1280&amp;ssl=1 1280w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/sentinel_new_view.png?w=1920&amp;ssl=1 1920w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Click picture to see it larger.<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1ffb5e7 elementor-widget elementor-widget-text-editor\" data-id=\"1ffb5e7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif; font-weight: var( --e-global-typography-text-font-weight ); background-color: var(--petite-stories-background);\">In the upper right corner is an incident actions drop-down list where you can run a playbook, create an automation rule and create a team (preview) in Microsoft Teams to collaborate with other individuals or teams across departments on handling the incident.\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b2df01d elementor-widget elementor-widget-image\" data-id=\"b2df01d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"338\" height=\"256\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_actions.png?fit=338%2C256&amp;ssl=1\" class=\"attachment-large size-large 
wp-image-196\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_actions.png?w=338&amp;ssl=1 338w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_actions.png?resize=300%2C227&amp;ssl=1 300w\" sizes=\"(max-width: 338px) 100vw, 338px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e34d3e9 elementor-widget elementor-widget-text-editor\" data-id=\"e34d3e9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>You can also add comments to the incident. The area is under the incident details panel.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bf79971 elementor-widget elementor-widget-image\" data-id=\"bf79971\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"640\" height=\"431\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_comment.png?fit=640%2C431&amp;ssl=1\" class=\"attachment-large size-large wp-image-198\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_comment.png?w=768&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_comment.png?resize=300%2C202&amp;ssl=1 300w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-97b80c8 elementor-widget elementor-widget-heading\" data-id=\"97b80c8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 
class=\"elementor-heading-title elementor-size-default\">The Activity log<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-666651b elementor-widget elementor-widget-text-editor\" data-id=\"666651b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"color: var( --e-global-color-text ); font-family: var( --e-global-typography-text-font-family ), Sans-serif; font-weight: var( --e-global-typography-text-font-weight ); background-color: var(--petite-stories-background);\">The new activity log includes the comments and audits of the incident, whether manual or automated, such as severity or status change, playbook triggered, alerts added and more. The log is auto-refreshed (even when scrolled or when a comment is being written), so that collaboration is made simple and new audits or comments by other analysts or automation are added \u2013 even when the analyst is scrolling the feed.<\/span><\/p><p>The Activity log, as well as Refresh, Delete Incident, Logs (from the Log Analytics workspace) and Tasks (Preview), is found at the top of the page under the incident title.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-93d76fd elementor-widget elementor-widget-image\" data-id=\"93d76fd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"45\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_top_buttons.png?fit=640%2C45&amp;ssl=1\" class=\"attachment-large size-large wp-image-197\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_top_buttons.png?w=925&amp;ssl=1 925w, 
https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_top_buttons.png?resize=300%2C21&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_top_buttons.png?resize=768%2C54&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_top_buttons.png?resize=850%2C60&amp;ssl=1 850w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ae48ac7 elementor-widget elementor-widget-image\" data-id=\"ae48ac7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"342\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_activity_log.png?fit=640%2C342&amp;ssl=1\" class=\"attachment-large size-large wp-image-199\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_activity_log.png?w=1446&amp;ssl=1 1446w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_activity_log.png?resize=300%2C160&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_activity_log.png?resize=1024%2C547&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_activity_log.png?resize=768%2C411&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_activity_log.png?resize=850%2C454&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_activity_log.png?w=1280&amp;ssl=1 1280w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-95134a3 
elementor-widget elementor-widget-heading\" data-id=\"95134a3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Tasks (Preview)<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-221c875 elementor-widget elementor-widget-text-editor\" data-id=\"221c875\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"margin: 0px; font-family: SegoeUI, Lato, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; color: #333333;\">\u00a0<\/p><p style=\"margin-top: 0px; margin-right: 0px; margin-left: 0px; font-family: SegoeUI, Lato, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; color: #333333;\">Standardizing and formalizing the list of<b>\u00a0<\/b><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/incident-tasks\" target=\"_blank\" rel=\"noopener\">tasks<\/a><b>\u00a0<\/b>an analyst should follow when triaging, investigating or remediating an incident can help keep your SOC running smoothly, ensuring the same requirements apply to all analysts. Those tasks, whether pre-populated by automation rules and playbooks or manually added, are now embedded into the new incident page. 
Tasks can be followed by the analyst according to the different stages of the triage, investigation and remediation and marked as completed when done.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b317022 elementor-widget elementor-widget-heading\" data-id=\"b317022\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Log analytics query possibility<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c6fcd0f elementor-widget elementor-widget-text-editor\" data-id=\"c6fcd0f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The Log Analytics panel now opens within the incident, providing the ability to query tables and dive into the evidence while still inside the incident, with the entities and incident details still visible. The logs panel can be opened either from a dedicated button or by selecting specific evidence from the incident. Details about alerts and bookmarks are presented in the context of the timeline (just click on the element), and the links to specific tables and query results will open in a panel on the side. 
Bookmarks can also be added directly from this panel.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-919bf09 elementor-widget elementor-widget-heading\" data-id=\"919bf09\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Entities<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-da94b17 elementor-widget elementor-widget-text-editor\" data-id=\"da94b17\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Entities now have a lot of information in the context of the incident, including details on the specific entity (geo-location for IP addresses\u00a0 for example), the entity\u2019s timeline where alerts related to the entity can be added to the incident, and entity insights. Those insights include the top insights from the overview tab and more specific insights that allow a deeper dive. 
Actions on the entities, such as\u00a0<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/tutorial-respond-threats-playbook?tabs=LAC#run-a-playbook-on-demand\" target=\"_blank\" rel=\"noopener noreferrer\">triggering a playbook<\/a>\u00a0or\u00a0<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/add-entity-to-threat-intelligence\" target=\"_blank\" rel=\"noopener noreferrer\">add the entity to Threat Intelligence<\/a>, are available both from the entities grid in a dedicated tab and the entities widget.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d5d26ba elementor-widget elementor-widget-image\" data-id=\"d5d26ba\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"174\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities-1.png?fit=640%2C174&amp;ssl=1\" class=\"attachment-large size-large wp-image-203\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities-1.png?w=2069&amp;ssl=1 2069w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities-1.png?resize=300%2C81&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities-1.png?resize=1024%2C278&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities-1.png?resize=768%2C209&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities-1.png?resize=1536%2C417&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities-1.png?resize=2048%2C556&amp;ssl=1 2048w, 
https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities-1.png?resize=850%2C231&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities-1.png?w=1280&amp;ssl=1 1280w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities-1.png?w=1920&amp;ssl=1 1920w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-640a55b elementor-widget elementor-widget-image\" data-id=\"640a55b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"638\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities_info.png?fit=640%2C638&amp;ssl=1\" class=\"attachment-large size-large wp-image-207\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities_info.png?w=804&amp;ssl=1 804w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities_info.png?resize=300%2C299&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities_info.png?resize=150%2C150&amp;ssl=1 150w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities_info.png?resize=768%2C765&amp;ssl=1 768w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Entities info<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8899779 elementor-widget elementor-widget-image\" data-id=\"8899779\" data-element_type=\"widget\" 
data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"657\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities_timeline.png?fit=640%2C657&amp;ssl=1\" class=\"attachment-large size-large wp-image-205\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities_timeline.png?w=800&amp;ssl=1 800w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities_timeline.png?resize=292%2C300&amp;ssl=1 292w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities_timeline.png?resize=768%2C788&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/incident_entities_timeline.png?resize=300%2C308&amp;ssl=1 300w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Entities timeline<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e0dc0f8 elementor-widget elementor-widget-heading\" data-id=\"e0dc0f8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Conclusion and detailed information<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0978d84 elementor-widget elementor-widget-text-editor\" data-id=\"0978d84\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>I think this new incident experience is better 
than the old one because I can see a lot of information and that&#8217;s why I don&#8217;t need to jump between different views as before. There are many links to even deeper information but it&#8217;s a life. Sentinel has been developed still a lot in previous years, especially in 2022.\u00a0<\/p><p>More details on Microsoft Learn (click titles below which are actually links)<\/p><p><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/investigate-incidents#prerequisites\" target=\"_blank\" rel=\"noopener\">Navigate and investigate incidents in Microsoft Sentinel<\/a><\/p><p><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/incident-investigation\" target=\"_blank\" rel=\"noopener\">Understand Microsoft Sentinel&#8217;s incident investigation and case management capabilities<\/a><\/p><p><a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-sentinel-blog\/the-new-incident-experience-is-here\/ba-p\/3717042\" target=\"_blank\" rel=\"noopener\">Microsoft Techcommunity link about this Sentinel Incident Experience by Michal Schecter<\/a><\/p><p id=\"navigate-and-investigate-incidents-in-microsoft-sentinel\" style=\"box-sizing: inherit; outline-color: inherit; margin-top: -10px; margin-bottom: 0px; font-size: clamp(1.875rem, 22.1053px + 1.64474vw, 2.5rem); padding: 0px; overflow-wrap: break-word; word-break: break-word; line-height: 1.3; color: #171717; font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif;\">\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Table of Contents New incident experience Microsoft Sentinel is your bird&#8217;s-eye view across the 
enterprise&#8230;<\/p>\n","protected":false},"author":2,"featured_media":191,"comment_status":"open","ping_status":"open","sticky":false,"template":"elementor_theme","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[10,21],"tags":[],"class_list":["post-190","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sentinel","category-xdr"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2023\/01\/sentinel_incident_paakuva.png?fit=988%2C482&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/pes24X-34","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/comments?post=190"}],"version-history":[{"count":0,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/190\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\
/v2\/media\/191"}],"wp:attachment":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/media?parent=190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/categories?post=190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/tags?post=190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}