Solution: Global Secure Access
| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://learn.microsoft.com/en-us/entra/global-secure-access/overview-what-is-global-secure-access |
| Categories | domains |
| Version | 3.0.4 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2024-04-08 |
| Last Updated | 2026-03-02 |
| Solution Folder | Global Secure Access |
| Marketplace | Azure Marketplace · Popularity: 🟢 High (91%) |
Global Secure Access is a domain solution and does not include any data connectors. The content in this solution requires one of the product solutions below.
Prerequisite:
Install one or more of the listed solutions to unlock the value provided by this solution.
1. Microsoft Entra ID
Underlying Microsoft Technologies used:
This solution depends on the following technologies, and some of these dependencies may either be in Preview state or might result in additional ingestion or operational costs:
1. Product solutions as described above
This solution does not include data connectors.
This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.
This solution queries 6 table(s) from its content items:
| Table | Used By Content |
|---|---|
| EnrichedMicrosoft365AuditLogs | Workbooks |
| NetworkAccessGenerativeAIInsights | Workbooks |
| NetworkAccessTraffic | Analytics, Workbooks |
| OfficeActivity | Workbooks |
| Operation | Workbooks |
| SigninLogs | Workbooks |
The following 1 table(s) are used internally by this solution's content items:
| Table | Used By Content |
|---|---|
| ThreatIntelIndicators | Analytics |
This solution includes 10 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 7 |
| Workbooks | 3 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| GSA - Detect Abnormal Deny Rate for Source to Destination IP | Medium | InitialAccess, Exfiltration, CommandAndControl | NetworkAccessTraffic |
| GSA - Detect Connections Outside Operational Hours | High | InitialAccess | NetworkAccessTraffic |
| GSA - Detect Protocol Changes for Destination Ports | Medium | DefenseEvasion, Exfiltration, CommandAndControl | NetworkAccessTraffic |
| GSA - Detect Source IP Scanning Multiple Open Ports | Medium | Discovery | NetworkAccessTraffic |
| GSA - TI Domain Entity | Medium | CommandAndControl | NetworkAccessTraffic; Internal use: ThreatIntelIndicators |
| GSA - TI IP Entity | Medium | CommandAndControl | NetworkAccessTraffic; Internal use: ThreatIntelIndicators |
| GSA - TI URL Entity | Medium | CommandAndControl | NetworkAccessTraffic; Internal use: ThreatIntelIndicators |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.4 | 15-04-2026 | Updated workbooks to support the new Entra traffic type; Fixed regex in GSA - TI URL Entity analytic rule for correct URL indicator matching |
| 3.0.3 | 25-02-2026 | Modified the query period for the Analytic Rule: [GSA - Detect Abnormal Deny Rate for Source to Destination IP] |
| 3.0.2 | 04-02-2026 | Added new Analytic Rules |
| 3.0.1 | 16-09-2025 | Made an update to the logic of the Abnormal Port-to-Protocol Analytic Rule |
| 3.0.0 | 01-08-2025 | Updates to the workbook to improve the clarity and consistency of titles for visualizations |