Microsoft Sentinel Enhancements with Unified Data Lake and Agentic Security
Summary
Microsoft has expanded its Sentinel Security Information and Event Management (SIEM) solution into a unified agentic platform with the general availability of the Sentinel data lake. This enhancement includes the public preview of Sentinel Graph and the Sentinel Model Context Protocol (MCP) server, which aim to provide better visibility, advanced analytics, and AI-driven security capabilities. The Sentinel data lake ingests and manages security data from diverse sources, enabling AI models to detect subtle patterns and correlate signals. This shift allows security teams to uncover attacker behavior, hunt over historical data, and trigger automatic detections. The new graph tools and MCP server facilitate integration of third-party and internally developed agents, enhancing the platform's capabilities. Additionally, Microsoft has emphasized the importance of securing AI platforms and implementing guardrails to protect against prompt injection attacks, with planned enhancements to Azure AI Foundry. The company has also launched the Microsoft Security Store, expanding integration with partners like Accenture, Darktrace, IBM, Illumio, ServiceNow, Simbian, and Zscaler.
Timeline
- 30.09.2025 16:00 · 2 articles
Microsoft Sentinel Expanded with Unified Data Lake and Agentic Security Features
Microsoft has expanded its Sentinel SIEM solution into a unified agentic platform with the general availability of the Sentinel data lake. This includes the public preview of Sentinel Graph and the Sentinel Model Context Protocol (MCP) server. The enhancements aim to provide better visibility, advanced analytics, and AI-driven security capabilities. The Sentinel data lake ingests and manages security data from diverse sources, enabling AI models to detect subtle patterns and correlate signals. This allows security teams to uncover attacker behavior, hunt over historical data, and trigger automatic detections. The new graph tools and MCP server facilitate integration of third-party and internally developed agents, enhancing the platform's capabilities. Microsoft is also emphasizing the need for securing AI platforms and implementing guardrails to protect against prompt injection attacks, with planned enhancements to Azure AI Foundry. The company has also launched the Microsoft Security Store, expanding integration with partners like Accenture, Darktrace, IBM, Illumio, ServiceNow, Simbian, and Zscaler.
Sources:
- Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake — thehackernews.com — 30.09.2025 16:00
- Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
Information Snippets
- Microsoft has expanded Sentinel into a unified agentic platform with the general availability of the Sentinel data lake.
  First reported: 30.09.2025 16:00 · 2 sources, 2 articles. Sources:
  - Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake — thehackernews.com — 30.09.2025 16:00
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
- Sentinel Graph and Sentinel Model Context Protocol (MCP) server are now available in public preview.
  First reported: 30.09.2025 16:00 · 2 sources, 2 articles. Sources:
  - Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake — thehackernews.com — 30.09.2025 16:00
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
- The Sentinel data lake ingests and manages security data from diverse sources, enabling AI models to detect subtle patterns and correlate signals.
  First reported: 30.09.2025 16:00 · 2 sources, 2 articles. Sources:
  - Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake — thehackernews.com — 30.09.2025 16:00
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
- Security teams can uncover attacker behavior, hunt over historical data, and trigger automatic detections.
  First reported: 30.09.2025 16:00 · 2 sources, 2 articles. Sources:
  - Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake — thehackernews.com — 30.09.2025 16:00
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
- Microsoft is emphasizing the need for securing AI platforms and implementing guardrails to protect against prompt injection attacks.
  First reported: 30.09.2025 16:00 · 2 sources, 2 articles. Sources:
  - Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake — thehackernews.com — 30.09.2025 16:00
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
- Microsoft plans to roll out enhancements to Azure AI Foundry to incorporate more protection for AI agents.
  First reported: 30.09.2025 16:00 · 2 sources, 2 articles. Sources:
  - Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake — thehackernews.com — 30.09.2025 16:00
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
- Microsoft has launched new graph capabilities and a Model Context Protocol (MCP) server for Sentinel.
  First reported: 10.10.2025 18:25 · 1 source, 1 article. Sources:
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
- The new graph tools enable Security Copilot agents to investigate and respond to threats more precisely and rapidly.
  First reported: 10.10.2025 18:25 · 1 source, 1 article. Sources:
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
- The Sentinel MCP Server facilitates integration of third-party and internally developed agents.
  First reported: 10.10.2025 18:25 · 1 source, 1 article. Sources:
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
- Microsoft has expanded the integration of agents and other security platforms with the launch of its new Microsoft Security Store.
  First reported: 10.10.2025 18:25 · 1 source, 1 article. Sources:
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
- Microsoft has released over a dozen agents designed to address specific security situations since March.
  First reported: 10.10.2025 18:25 · 1 source, 1 article. Sources:
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
- The Sentinel Data Lake unifies telemetry better and applies normalization to data, making it more consumable for Sentinel.
  First reported: 10.10.2025 18:25 · 1 source, 1 article. Sources:
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
- The Sentinel graph can help predict attacker movements and preemptively secure assets.
  First reported: 10.10.2025 18:25 · 1 source, 1 article. Sources:
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
- The Sentinel MCP Server offers a platform for developing and deploying agents, with tools like the Entity Analyzer and natural language queries.
  First reported: 10.10.2025 18:25 · 1 source, 1 article. Sources:
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
- Sentinel graph and MCP server are now available in public preview, and Sentinel Data Lake is generally available.
  First reported: 10.10.2025 18:25 · 1 source, 1 article. Sources:
  - Microsoft Adds Agentic AI Capabilities to Sentinel — www.darkreading.com — 10.10.2025 18:25
Similar Happenings
AI SOC Platforms Shift to Mesh Agentic Architectures
The Security Operations Centers (SOCs) of 2026 are increasingly adopting AI-powered agents to enhance detection, response, and adaptation capabilities. This shift is driven by the need to handle sophisticated and rapidly evolving threats. AI SOC platforms vary widely in their capabilities, from prompt-dependent copilots to autonomous, multi-agent systems. The adoption rate is currently low, estimated at 1–5% penetration. The integration of AI in SOCs aims to address core challenges such as alert fatigue, manual context correlation, and static detection and response workflows. Traditional automation solutions often introduced their own set of issues, including engineering-intensive setups and limited adaptability. Advanced platforms are moving towards mesh agentic architectures, where multiple AI agents work together to handle specialized SOC functions autonomously. This approach allows for continuous learning and adaptation based on organizational context and telemetry.
AI Adoption in Cybersecurity for Enhanced Threat Detection and Response
AI is increasingly crucial in cybersecurity, addressing challenges posed by advanced threats and improving detection, response, and operational efficiency. AI-driven tools help reduce alert fatigue, prioritize vulnerabilities, and uncover hidden threats. Wazuh, an open-source security platform, integrates AI to enhance detection, investigation, and situational awareness across various environments. AI in cybersecurity helps with noise reduction, vulnerability prioritization, behavioral analysis, scalable data processing, insider threat detection, phishing detection, and automated incident response. Wazuh leverages AI for guided vulnerability response, automated configuration guidance, and AI-enhanced threat hunting. The Wazuh AI analyst service provides AI-driven security analysis, summarizing alerts and offering contextual enrichment and next-step guidance.
CrowdStrike to Acquire Onum for Enhanced Falcon Next-Gen SIEM
CrowdStrike announced plans to acquire Onum, a data pipeline management provider, to enhance the Falcon Next-Gen SIEM platform. The acquisition aims to improve autonomous detection capabilities by integrating Onum's real-time telemetry pipeline management and data filtering technologies. This move addresses the challenges security teams face in handling large volumes of security data and aims to reduce data storage costs and incident response times. Onum's technology can process up to five times more events per second than competitors, cut storage costs by up to 50%, and reduce incident response times by up to 70%. The integration will simplify onboarding and enhance AI efficacy in security operations.
Zero-click exploit targets AI enterprise agents
AI enterprise agents, integrated with various enterprise environments, are vulnerable to zero-click exploits. Attackers can take over these agents using only a user's email address, gaining access to sensitive data and manipulating users. The exploit affects major AI assistants from Microsoft, Google, OpenAI, Salesforce, and others. Organizations must adopt dedicated security programs to manage ongoing risks associated with AI agents. Current security approaches focusing on prompt injection have proven ineffective. The exploit highlights the need for defense-in-depth strategies and hard boundaries to mitigate risks. Organizations are advised to assume breaches and apply lessons learned from past security challenges.
AI SOC Capabilities and Their Impact on Security Operations
AI SOC capabilities are gaining traction in security operations, addressing inefficiencies and enhancing threat detection and response. These capabilities automate triage, speed up investigations, and provide insights for detection engineering. AI SOC tools work alongside human analysts to improve SOC operations, enabling more proactive threat hunting and reducing the workload on analysts. The integration of AI in SOCs is not about replacing human analysts but about shifting their focus to higher-impact activities. Key principles for evaluating AI SOC solutions include transparency, data privacy, integration depth, adaptability, accuracy, and time to value.