Forum Discussion
thomasdefise
Feb 07, 2020, Brass Contributor
Get the User Risk Score
Hello, In order to perform some SOAR, I would like to know how I could get the data link from the https://docs.microsoft.com/en-us/cloud-app-security/tutorial-ueba#risk-score. For in...
CMcCloud
Apr 24, 2023, Copper Contributor
Bumping this feature request
- Ability to create an MCAS or Sentinel alert based on having access to the Investigation Priority Score.
- The ability to ingest and create a KQL query in Sentinel that is able to query the Investigation Priority Score for any particular user.
The rule available in MCAS for "Investigation priority score increase" is not configurable to set a threshold; it's instead based on a user moving into the top 99% of risky users in the organisation.
This isn't sensitive enough for detecting attacks earlier based on suspicious activities and lower risk scores.