
On Tuesday, Microsoft announced the expansion of its Sentinel security information and event management (SIEM) solution into a unified agentic platform, along with the general availability of Sentinel data lake.
Additionally, the tech giant said it has also released a public preview of Sentinel Graph and the Sentinel Model Context Protocol (MCP) server.
“With graph-based context, semantic access, and agent orchestration, Sentinel ingests signals to defenders, correlates across domains, and provides code using VS Code using GitHub Copilot built into Security Copilot, or other developer platforms.”

Microsoft released Sentinel data lake in early July this year as a dedicated, cloud-native tool for ingesting, managing, and analyzing security data, providing better visibility and advanced analytics.
The idea behind the data lake is to lay the foundation for agentic defense by bringing in data from a variety of sources, so that artificial intelligence (AI) models like Security Copilot have the complete context needed to detect subtle patterns, correlate signals, and surface high-fidelity alerts.

Microsoft added that the shift lets security teams uncover attacker behavior, retroactively hunt over historical data, and automatically trigger detections based on the latest tradecraft.
“Sentinel ingests structured or semi-structured signals and builds a rich, contextual understanding of the digital estate through vectorized security data and graph-based relationships,” Jakkal said.
“By integrating these insights with Defender and Purview, Sentinel brings graph-driven context to tools already used by security teams, helping defenders track attack paths, understand impacts, and prioritize responses.”

Microsoft also noted that Sentinel organizes and enriches security data so that teams can detect issues faster and respond better to large-scale events, shifting cybersecurity from “reactive to predictive.”
Additionally, the company said users can build Security Copilot agents tailored to their organization’s workflow on Sentinel MCP server-enabled coding platforms, such as VS Code using GitHub Copilot.
The Windows maker also highlighted the need to secure AI platforms and to implement guardrails that detect (cross-)prompt injection attacks, saying it is deploying new extensions to Azure AI Foundry that aim to incorporate more protection against such risks.
