Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft Sentinel expands into unified agentic platform with data lake GA and Graph preview

Security Tool/Service
First reported
Last updated
Happening score
H score 10
2 unique sources, 2 articles

Summary

Microsoft Sentinel expanded into a unified agentic security platform, with Sentinel data lake now generally available and Sentinel Graph plus a Sentinel MCP server in public preview. The update is meant to help defenders ingest and correlate signals across domains and support Security Copilot and developer workflows. Microsoft is positioning the platform for graph-based context and AI-agent orchestration to improve detection and response at scale.

Related Happenings

Microsoft Defender for Endpoint automatic endpoint isolation preview

Security Tool/Service
First: 26.05.2026 15:19 Last: 26.05.2026 15:19 Sources 1

About this happening: Microsoft is previewing **automatic isolation** for compromised endpoints in **Defender for Endpoint**, reducing **lateral movement** risk on managed workstations. The capability...

Zealot autonomous AI cloud intrusion proof of concept

Technical Analysis
First: 23.04.2026 13:09 Last: 23.04.2026 13:09 Sources 1

About this happening: **Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...

GopherWhisper China-aligned APT campaign targeting Mongolian government institutions

Campaign
First: 23.04.2026 12:04 Last: 23.04.2026 12:04 Sources 1

About this happening: The **GopherWhisper** campaign is a **China-aligned APT operation** targeting **Mongolian governmental institutions**, and it now appears to extend beyond a single compromise to *...

CrowdStrike Falcon Next-Gen SIEM adds Microsoft Defender for Endpoint telemetry integration

Security Tool/Service
First: 03.04.2026 14:53 Last: 03.04.2026 14:53 Sources 1

About this happening: **CrowdStrike Falcon Next-Gen SIEM** now ingests **Microsoft Defender for Endpoint** telemetry, making Defender the first EDR integrated into the platform and broadening support f...

Microsoft launches agent guardrails, identities, and Security Copilot updates for agentic AI

Security Tool/Service
First: 24.03.2026 14:28 Last: 24.03.2026 14:28 Sources 1

About this happening: **Microsoft** rolled out new **agentic AI security controls** at **RSAC Conference**, adding preview **guardrails in Microsoft Foundry**, **agent identities in Entra ID**, and upd...

Timeline

  1. 30.09.2025 16:00 3 articles · 7mo ago

    Microsoft Sentinel expands into unified agentic security platform

    Initial Disclosure

    Microsoft expanded its Sentinel security information and event management (SIEM) solution into a unified agentic security platform, made the Sentinel data lake generally available, and released Sentinel Graph and the Sentinel Model Context Protocol (MCP) server in public preview. Microsoft said the design centers on graph-based context, semantic access, and agentic orchestration so defenders can ingest signals, correlate across domains, and use Security Copilot, VS Code with GitHub Copilot, Defender, and Purview more effectively; it also said the platform will gain additional Azure AI Foundry protections against (cross-)prompt injection attacks. Microsoft had previously released Sentinel data lake in public preview in July as a cloud-native tool for ingesting, managing, and analyzing security data.