Microsoft SIEM + XDR Gets New Unified Device Timeline Experience

Microsoft's new Unified Device Timeline in SIEM + XDR consolidates device activity data from Sentinel and Defender XDR.

Published: Feb 13, 2025

Key Takeaways:

  • Microsoft introduced a Unified Device Timeline in its SIEM + XDR solution.
  • This feature merges device activity data from Microsoft Sentinel and Defender XDR into one platform.
  • The Unified Device Timeline streamlines security investigations by allowing administrators to access all relevant device activities in one place.

Microsoft has introduced a new Unified Device Timeline experience in its SIEM + XDR solution. This new feature offers administrators a centralized hub to track device activity across Microsoft Sentinel and Defender XDR.

“This feature streamlines security investigations by enabling analysts to access all relevant device activities in one place, reducing the need to switch between platforms and accelerating incident response times. By bringing these activities together, we are delivering a more powerful experience, empowering customers to investigate and respond to threats with unmatched context and efficiency,” Microsoft explained.

Device Timeline in Microsoft Sentinel (Image Credit: Microsoft)

What are the benefits of the Unified Device Timeline experience?

Microsoft has consolidated the timeline experiences from Microsoft Sentinel and Defender XDR. The consolidated timeline provides a unified view of notifications about potential security issues as well as all actions performed on devices, which eliminates the need to toggle between different platforms.

With this release, IT admins can track and view reports on specific types of network activity. The timeline draws this data from Microsoft Sentinel, which collects information from various third-party network security vendors. It highlights instances where network traffic has been stopped or rejected, which can indicate potential security threats. These logs should make it easier for security teams to quickly identify and respond to potential threats.

New features coming soon

Going forward, Microsoft plans to add support for incorporating device Anomalies into the Unified Device Timeline. This feature will allow security analysts to view suspicious activities that might indicate a security threat.

Microsoft will also merge the User Timeline experiences from its Sentinel and Defender XDR solutions. The merged timeline should help cybersecurity teams gain insights into user activities across different platforms.
