December 2019 Update: User roles, App enhancements and Azure Sentinel integration

December 2019 Update: User roles, App enhancements and Azure Sentinel integration

Our December update includes a new role model for users in a SIGNL4 team, great new app features and integration with Azure Sentinel.

Introducing user roles

Two default user roles are now available in each SIGNL4 team: Administrator and User. This allows for restricting standard user rights versus administrative access.

For existing teams, all users are migrated to administrators, i.e. you should check this role assignment and downgrade some team members to users yourself if necessary.

Otherwise, all newly invited users are now by default only in the role “User”. If such a user cannot do things in the app because they are not allowed according to his user role, he will be shown an according message in mobile app.

In the enterprise environment, it is now easier to pursue a centralized management approach to notification workflows, so that regular employees can only receive alerts but not change the setup.

You can find a complete overview of the rights a user has in the respective user role here.

Mobile app: Auto-complete for annotations and messages

The mobile app now has an auto-complete feature built in. This allows you to select existing text modules from a small selection field when triggering new Signls or entering Signl comments. The list is fed from the texts that were previously entered here.

In addition, we have moved some settings for the app and its behavior to a separate “Settings” menu. New is the possibility to switch off sound effects during acknowledgement and other actions in the app.

2-way integration with Azure Sentinel and Microsoft Graph API

SIGNL4 now has a new connector app for integration with Azure Sentinel and the Microsoft Graph Security API. This simplifies the integration of security alerts with SIGNL4.

Once added to your SIGNL4 team, the connector automatically reads security alerts from Microsoft Graph Security API and triggers Signls for your on-duty team members. It also synchronizes SIGNL4’s alarm status with the Microsoft Graph Security API, so that when alarms are confirmed or closed, the status is also updated on the corresponding alarm from the Microsoft Graph Security API or the according security provider. As mentioned earlier, the connector mainly uses the Microsoft Graph Security API, but for some graph security vendors, such as Azure Sentinel, it also uses dedicated REST APIs from appropriate Microsoft Azure solutions in order to augment the alert details with according search results directly from the underlying Log Analytics workspace.

This video describes how to easily connect the app to your Microsoft Azure environment and what great features await you afterwards.

Please note: The connector app requires your SIGNL4 subscription to be in the Optimize or Maximize. If you are in that plan and the Azure Sentinel app tile shows a message that you have to upgrade your subscription in oder to use the app, then please wait a few hours and check back later. The SIGNL4 licensing engine takes some time to upgrade existing subscriptions with newly added template apps that we have added to SIGNL4.

 

Related Posts

The Ultimate Guide to Automating and Mobilizing Your Secops Processes with Derdack SIGNL4 and Microsoft Sentinel

May 24, 2023

The Dangers of Alert Fatigue: Strategies for Effective Alert Management

April 26, 2023

Alarm Notification Software: SIGNL4 is test winner

April 17, 2023

April 2023 Update – Central integration management with event distribution rules, global API keys and much more

April 11, 2023