Forum Discussion

FeintBE's avatar
FeintBE
Copper Contributor
Feb 25, 2020

Analytic rule querying

Hello,   I'm working on alerting in Azure sentinel, my domain controller is connected with Azure, for example when someone trying to login to my domain, it will be logged.   I already know u can ...
Rod_Trent's avatar
Rod_Trent
Icon for Microsoft rankMicrosoft
Feb 25, 2020

FeintBE Are you familiar with our Livestream component in the Hunting blade. When you right-click on a query here, you can add it to the Livestream tab where you can start and stop the stream. What this does is set the query to run every 1 minute and you'll be alerted through Azure notifications as long as the livestream is active. The display for the active Livestream will also increment whenever the result is reached. This is a great way to monitor a potentially active threat.

 

FeintBE's avatar
FeintBE
Copper Contributor
Feb 26, 2020

Rod_Trent  Well this is very nice, but there is an option to connect your livestream with an analytic rule, and thus there will be a 5 min delay till i can get a mail as alert. or do u know a work around?

Resources