Microsoft Sentinel Gets Continuous Threat Monitoring Support for GitHub


Microsoft Sentinel, the company's security information and event management (SIEM) platform, is getting a new GitHub integration. The new solution is designed to help organizations continuously monitor their GitHub developer repositories for potentially malicious activity.

For those unfamiliar with Microsoft Sentinel, it is a scalable, cloud-native SIEM service that applies machine learning to large volumes of operational data to detect potential security threats across enterprise environments. Microsoft CEO Satya Nadella said last week that Microsoft Sentinel has around 15,000 customers worldwide and that its user base grew by 70 percent within a year.

Microsoft Sentinel can now ingest GitHub Enterprise audit logs to trigger alerts

Microsoft Sentinel has added a connector that ingests GitHub audit logs and raises alerts on specific suspicious activities. Currently, the GitHub threat monitoring solution is only available for GitHub Enterprise licenses. The resulting security alerts are visible to users on the Microsoft Sentinel dashboard.


For instance, Sentinel can raise an alert when a new repository is created or deleted in the GitHub environment. It can also flag when an OAuth application's client secret or a payment method is removed. Security teams can use the accompanying workbook to track events such as newly added repositories, the addition and removal of members, and the number of repository clones over time.
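To make the alert and workbook logic above concrete, here is an added example (written for this article, not the Sentinel solution's own analytics rules) that runs the same kind of detections over a constructed sample of GitHub Enterprise audit-log entries. The event shape and action names (`repo.create`, `repo.destroy`, `org.add_member`, `oauth_application.remove_client_secret`, `payment_method.remove`) are assumed to follow GitHub's audit-log schema; the sample events, severities and the burst threshold are illustrative choices. It goes one step beyond the article by also flagging an actor who deletes several repositories within a short window, a check an analyst would typically layer on top of the per-event alerts.

```python
"""Detection logic for GitHub Enterprise audit-log events, modelled on the
alerts and workbook counters described in the article.  Example code written
for this page, not the Sentinel solution's own rules.  Action names and event
fields (action, actor, org, repo, user, created_at in ms epoch) are assumed to
match GitHub's audit-log API; the sample events below are constructed."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Action -> (severity, description).  Severities are an illustrative choice.
SUSPICIOUS_ACTIONS = {
    "repo.create": ("Low", "Repository created"),
    "repo.destroy": ("Medium", "Repository deleted"),
    "oauth_application.remove_client_secret": ("High", "OAuth app client secret removed"),
    "payment_method.remove": ("High", "Payment method removed"),
    "org.add_member": ("Low", "Member added to organization"),
    "org.remove_member": ("Medium", "Member removed from organization"),
}

_BASE = 1_640_000_000_000  # constructed ms-epoch base timestamp (Dec 2021)

# Constructed sample of audit-log entries for a fictional "contoso" organization.
SAMPLE_EVENTS = [
    {"action": "repo.create", "actor": "alice", "org": "contoso", "repo": "contoso/payments", "created_at": _BASE},
    {"action": "org.add_member", "actor": "alice", "org": "contoso", "user": "bob", "created_at": _BASE + 60_000},
    {"action": "repo.destroy", "actor": "mallory", "org": "contoso", "repo": "contoso/legacy-1", "created_at": _BASE + 120_000},
    {"action": "repo.destroy", "actor": "mallory", "org": "contoso", "repo": "contoso/legacy-2", "created_at": _BASE + 180_000},
    {"action": "repo.destroy", "actor": "mallory", "org": "contoso", "repo": "contoso/legacy-3", "created_at": _BASE + 240_000},
    {"action": "oauth_application.remove_client_secret", "actor": "mallory", "org": "contoso", "created_at": _BASE + 300_000},
    {"action": "git.clone", "actor": "bob", "org": "contoso", "repo": "contoso/payments", "created_at": _BASE + 360_000},
    {"action": "org.remove_member", "actor": "alice", "org": "contoso", "user": "carol", "created_at": _BASE + 400_000},
    {"action": "payment_method.remove", "actor": "mallory", "org": "contoso", "created_at": _BASE + 500_000},
]


def _ts(event):
    """Convert the ms-epoch created_at field to an aware UTC datetime."""
    return datetime.fromtimestamp(event["created_at"] / 1000, tz=timezone.utc)


def to_alert(event):
    """Map one audit-log event to an alert, or None if its action is not watched."""
    rule = SUSPICIOUS_ACTIONS.get(event.get("action"))
    if rule is None:
        return None
    severity, description = rule
    return {
        "time": _ts(event).isoformat(),
        "severity": severity,
        "description": description,
        "actor": event.get("actor"),
        # Prefer the most specific target: repo, then affected user, then org.
        "target": event.get("repo") or event.get("user") or event.get("org"),
        "org": event.get("org"),
    }


def scan(events):
    """Per-event alerts (repo created/deleted, secret or payment method removed, ...)."""
    alerts = [a for a in (to_alert(e) for e in events) if a is not None]
    return sorted(alerts, key=lambda a: a["time"])


def member_churn(events):
    """Workbook-style counter: members added and removed per organization."""
    churn = defaultdict(Counter)
    for e in events:
        if e.get("action") == "org.add_member":
            churn[e["org"]]["added"] += 1
        elif e.get("action") == "org.remove_member":
            churn[e["org"]]["removed"] += 1
    return {org: dict(c) for org, c in churn.items()}


def deletion_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """Actors who deleted >= threshold repositories inside any sliding window.
    Returns {actor: max deletions seen in one window}."""
    by_actor = defaultdict(list)
    for e in events:
        if e.get("action") == "repo.destroy":
            by_actor[e["actor"]].append(_ts(e))
    bursts = {}
    for actor, times in by_actor.items():
        times.sort()
        best, j = 0, 0
        for i in range(len(times)):
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            best = max(best, j - i)
        if best >= threshold:
            bursts[actor] = best
    return bursts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f'{alert["time"]} [{alert["severity"]}] {alert["description"]}: '
              f'{alert["actor"]} -> {alert["target"]}')
    print("member churn:", member_churn(SAMPLE_EVENTS))
    print("deletion bursts:", deletion_bursts(SAMPLE_EVENTS))
```

Running the script prints eight alerts (the benign `git.clone` event produces none), a churn of one member added and one removed for `contoso`, and flags `mallory` for three repository deletions inside a ten-minute window. In Sentinel the equivalent rules would be expressed as KQL over the connector's ingested table; the Python is only to show the detection logic itself.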

“The continuous threat monitoring for GitHub solution contains out-of-the-box content, installed automatically to your Microsoft Sentinel workspace when you deploy the solution. The out-of-the-box content includes analytics rules and one workbook. We’re continuing to add more content to enrich the solution,” the company explained.

To get started, organizations will need to connect their GitHub Enterprise environment to the Microsoft Sentinel workspace. If you're interested, check out Microsoft's blog post for detailed step-by-step instructions.

In case you missed it, Microsoft Sentinel has also launched a new tool that enables organizations to track, monitor, and investigate Apache Log4j vulnerabilities. The Log4j exploit detection solution is currently available in preview via Microsoft Sentinel’s Content Hub, and you can find more details in our previous post.