Microsoft Sentinel Adds Custom Graphs for Security Data Visualization
Microsoft has introduced a public preview of custom graphs in Microsoft Sentinel, aimed at improving how security teams visualize and analyze threat data. The feature allows users to create customized graph-based views of security data, enabling analysts to map relationships between entities such as users, devices and events. Powered by Fabric, these visualizations are designed to help identify patterns, investigate incidents and understand potential attack paths more effectively. With custom graphs, users can understand the blast radius, reconstruct real attack chains and spot hidden risks and anomalies.
Microsoft Sentinel is a cloud-native security information and event management (SIEM) platform used to collect and analyze security telemetry. By adding custom graph capabilities, Microsoft aims to give organizations more flexibility in how they explore and interpret complex datasets. Security teams increasingly rely on graph-based analysis to detect sophisticated threats, including lateral movement and identity-based attacks. Users can also use the Sentinel VS Code extension to generate custom graphs that can help validate hunting hypotheses. The feature is now available in public preview via Microsoft Sentinel.
Posted by Redmondmag.com Editors on 03/31/2026