Forum Discussion
Sohail_Patel
Jun 08, 2020 | Copper Contributor
What are the best-practice use cases for Security Alerts for Cloud Security?
Hello All, a few basic questions: what are the best-practice use cases for security, malicious activity, cloud security, etc.? What is a top 10 or 20 use-case list for the different scenarios?
CliveWatson
Jun 08, 2020 | Former Employee
Have you looked at the Sentinel GitHub (especially the Detections and maybe even the Hunting folders)? https://github.com/Azure/Azure-Sentinel
Also see the SOC Prime integration: https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-sigma-and-soc-prime-integration-part-1-convert/ba-p/1232903
Maybe also some partner content (two selected at random):
https://github.com/BlueTeamLabs/sentinel-attack/tree/master/detections and https://github.com/wortell/KQL
Also, when you deploy (or just have a look at) a Sentinel connector, see:
Data Connector --> Open Connector Page --> [Next Steps] --> "Relevant analytic templates"
This shows any related Alerts / use cases.
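As an added illustration of what one of these use cases looks like when written as a Sentinel-style KQL analytic rule (example code, not taken from the thread or from the Azure-Sentinel repository): a brute-force / password-spray detection that flags a source IP with many Azure AD sign-in failures followed by a successful sign-in. It assumes the standard SigninLogs table and its columns; the lookback window and failure threshold are assumed tuning values.

```kql
// Added example (not from the thread or the Sentinel repo): brute force
// followed by success, over the Azure AD SigninLogs table.
// Thresholds below are assumptions; tune them to your tenant's baseline.
let lookback = 1h;
let failureThreshold = 20;
// Source IPs with many failed sign-ins in the window.
let failures =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    // 0 = success; 50125 / 50140 are sign-in interrupts (password reset,
    // keep-me-signed-in), not wrong-password failures, so exclude them.
    | where ResultType !in ("0", "50125", "50140")
    | summarize FailedAttempts = count(),
                DistinctUsers = dcount(UserPrincipalName),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
              by IPAddress
    | where FailedAttempts >= failureThreshold;
// Successful sign-ins in the same window, keyed by source IP.
let successes =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project IPAddress, UserPrincipalName, SuccessTime = TimeGenerated;
// Alert only when the success came after the burst of failures.
failures
| join kind=inner successes on IPAddress
| where SuccessTime > LastFail
| project IPAddress, FailedAttempts, DistinctUsers, FirstFail, LastFail,
          UserPrincipalName, SuccessTime
// Entity mapping columns so Sentinel can populate Account and IP entities.
| extend AccountCustomEntity = UserPrincipalName, IPCustomEntity = IPAddress
```

Scheduled as an analytic rule (for example every hour over a one-hour lookback), each result row becomes an alert carrying the account and IP entities for triage.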