Microsoft Sentinel Gets Continuous Threat Monitoring Support for GitHub
Microsoft Sentinel, the company’s security information and event management (SIEM) platform, is getting a new GitHub integration. The new solution has been designed to help organizations continuously monitor GitHub developer repositories for potentially malicious events.
For those unfamiliar with Microsoft Sentinel, it’s a scalable cloud-native SIEM service that uses artificial intelligence to analyze huge volumes of operational data and detect potential security threats across enterprise environments. Microsoft CEO Satya Nadella revealed last week that Microsoft Sentinel has around 15,000 customers worldwide, and that its user base increased by 70 percent within a year.
Microsoft Sentinel can now ingest GitHub enterprise repository logs to trigger alerts
Microsoft Sentinel has now added a connector that ingests GitHub audit logs and raises alerts on certain suspicious activities. Currently, the Microsoft Sentinel GitHub threat monitoring tool is only available for GitHub enterprise licenses. These security alerts will be visible to users on the Microsoft Sentinel dashboard.
For instance, Sentinel can trigger an alert when a new repository is created or deleted in the GitHub environment. There is also an option to get details about when an OAuth application’s client secret or a payment method was removed. Security teams can use the workbook to track various events such as newly added repositories, the addition or removal of members, and the number of repository clones over time.
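As an added illustration (not code from the article or from Microsoft's solution), the following Python applies the alert types and the clone count described above to a constructed GitHub audit-log export. The action names and JSON field names are assumptions based on GitHub's audit log format, and the sample events are made up.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Assumed GitHub audit-log action names for the alert types the article lists.
ALERT_ACTIONS = {
    "repo.create": "Repository created",
    "repo.destroy": "Repository deleted",
    "oauth_application.remove_client_secret": "OAuth app client secret removed",
    "payment_method.remove": "Payment method removed",
}
CLONE_ACTION = "git.clone"  # assumed action name for repository clones
# Constructed sample export, one JSON event per line (not real audit data).
SAMPLE_LOG = """\
{"@timestamp": 1656580000000, "action": "repo.create", "actor": "alice", "repo": "example-org/svc"}
{"@timestamp": 1656581000000, "action": "git.clone", "actor": "bob", "repo": "example-org/svc"}
{"@timestamp": 1656582000000, "action": "git.clone", "actor": "bob", "repo": "example-org/svc"}
{"@timestamp": 1656583000000, "action": "oauth_application.remove_client_secret", "actor": "carol"}
this line is truncated and must not abort the run
{"@timestamp": 1656650000000, "action": "repo.destroy", "actor": "alice", "repo": "example-org/old"}
{"@timestamp": 1656651000000, "action": "git.clone", "actor": "dave", "repo": "example-org/svc"}
{"@timestamp": 1656652000000, "action": "payment_method.remove", "actor": "carol"}
{"@timestamp": 1656653000000, "action": "org.add_member", "actor": "alice"}
"""

def parse_events(text):
    """Yield well-formed audit events, skipping blank or malformed lines."""
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and "action" in event:
            yield event

def event_day(event):  # @timestamp is epoch milliseconds; bucket by UTC day
    ms = event.get("@timestamp", 0)
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).strftime("%Y-%m-%d")

def triage(text):
    """Return (alerts, clones_per_day) for an audit-log export."""
    alerts, clones = [], Counter()
    for event in parse_events(text):
        action = event["action"]
        if action in ALERT_ACTIONS:
            alerts.append((event_day(event), ALERT_ACTIONS[action], event.get("actor", "?")))
        elif action == CLONE_ACTION:
            clones[event_day(event)] += 1
    return alerts, dict(clones)
```

Calling `triage(SAMPLE_LOG)` returns the alert tuples in log order plus a per-day clone count, the same two views the article attributes to the analytics rules and the workbook.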
“The continuous threat monitoring for GitHub solution contains out-of-the-box content, installed automatically to your Microsoft Sentinel workspace when you deploy the solution. The out-of-the-box content includes analytics rules and one workbook. We’re continuing to add more content to enrich the solution,” the company explained.
To get started, organizations will need to connect their enterprise-licensed GitHub repository to the Microsoft Sentinel workspace. If you’re interested, be sure to check out Microsoft’s blog post for detailed step-by-step instructions.
In case you missed it, Microsoft Sentinel has also launched a new tool that enables organizations to track, monitor, and investigate Apache Log4j vulnerabilities. The Log4j exploit detection solution is currently available in preview via Microsoft Sentinel’s Content Hub, and you can find more details in our previous post.