🚨 Microsoft Sentinel UEBA enters a new era of behavioural analytics
Six new high-value data sources
SOC teams know the struggle: every data point could be a security signal, so analysts end up drowning in logs, chasing false positives, and trying to piece together fragmented clues.
That changes with Microsoft Sentinel User and Entity Behaviour Analytics (UEBA).
Already proven in detecting insider threats, compromised accounts, and subtle attack patterns, Sentinel UEBA uses AI to cut through noise and surface truly anomalous behaviours.
💡 What’s new today?
We’re expanding support to six additional high-value data sources across Microsoft and third-party platforms. That means more visibility, more context, and smarter detections — all in one place.
✅ Authentication activities
Microsoft Defender for Endpoint (MDE) DeviceLogonEvents – Spot unusual device access and lateral movement
Microsoft Entra ID (AAD) Managed Identity Sign-in Logs – Detect stealthy abuse of non-human identities
Microsoft Entra ID (AAD) Service Principal Sign-in Logs – Flag anomalous automation activity and possible token theft
✅ Cloud & identity platforms
AWS CloudTrail Login Events – Catch risky AWS console sign-ins
GCP Audit Logs (Failed IAM Access) – Uncover reconnaissance and privilege misuse
Okta MFA & Authentication Security Change Events – Reveal MFA fatigue, account hijacking, or policy tampering
Together with existing sources such as Entra ID sign-in logs, Azure Activity logs, and Windows Security Events, these enrich user, device, and service identity profiles with richer behavioural context.
⚡ Why it matters
Correlate activity across clouds and identities in a single view
Build dynamic baselines and peer groups using AI
Focus on real anomalies, not noise
Tune alerts with UEBA insights (for example, investigation priority and entity context) to boost fidelity
Want to learn more? See full article below
#EntraID #Microsoft #MicrosoftSecurity #Cybersecurity #IAM #SIEM #XDR #MSPartnerUK