Who is this for? MSP/MSSP Partners, Security Engineers
The Challenge of Detection Content at Scale
Managing detection rules across dozens or hundreds of customer Sentinel workspaces presents significant challenges:- Inconsistent coverage — Different rules enabled in different workspaces
- Manual deployment — Time-consuming process to deploy or update rules
- No centralized visibility — Difficult to see what’s deployed where
- Change management overhead — Tracking which customers have which versions
Introducing ContraForce CMS
The ContraForce Content Management System (CMS) provides a toggle-based interface for deploying and managing detection rules across all your customer Sentinel workspaces:Centralized Rule Management
- View all available detection rules in a single dashboard
- See deployment status across all customer workspaces
- Toggle rules on or off for individual or multiple customers
Curated Detection Library
- Access ContraForce’s curated library of detection rules
- Rules optimized for common threat scenarios
- Regular updates as new threats emerge
Bulk Operations
- Deploy rules to multiple workspaces simultaneously
- Update rule configurations across your entire customer base
- Roll back changes if needed
How It Works
- Navigate to the CMS module in your ContraForce workspace
- Browse available detection rules
- Select target customer workspaces
- Toggle rules on to deploy
Quick Summary
- Centralize management of detection rules across all customer Microsoft Sentinel workspaces.
- Use a toggle-based CMS interface to deploy, update, and roll back rules at scale.
- Leverage a curated, regularly updated library of ContraForce detection content.
- Perform bulk operations to keep coverage consistent and reduce manual change management.
CMS Module Setup
Deploy the Content Management System
Microsoft Sentinel Module
Connect Microsoft Sentinel
Questions? Contact us at [email protected].