Blog Post

Microsoft Sentinel Blog

5 MIN READ

Azure Sentinel correlation rules: the join KQL operator

Microsoft

Dec 05, 2019

In the SIEM world, rules are often called correlation rules. While this is not always the case, and therefore I prefer the term detection rules, it conveys the importance of correlation for SIEM. Wha...

Updated Dec 29, 2020

Version 8.0

detection

Query

Ofer_Shezaf

Microsoft

Joined March 01, 2019

View Profile

Microsoft Sentinel Blog

Microsoft Sentinel is a cloud-native SIEM, enriched with AI and automation to provide expansive visibility across your digital environment.

Ofer_Shezaf

Microsoft

Dec 05, 2019

Thanks GaryBushey! fixed. I really need to get an exception to run Grammarly in Chrome. Corporate policy does not allow me which means I am cutting and pasting parts back and forth, and those are the results 😞