Forum Discussion
Ninja Cat Giveaway: Episode 3 | Sentinel integration
For this episode, your opportunity to win a plush ninja cat is the following -
Reply to this thread with: what was your favorite feature Javier presented? Oh and what does UEBA stand for?
This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14th, 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.
38 Replies
- hakimtaoussi
Copper Contributor
UEBA means User and Entity Behavior Analytics.
My favourite feature (there is more than one...) is for sure automation, and especially the playbook templates that help you become much more efficient quickly.
Cheers
- cyberserge
Copper Contributor
My favorite feature is the bi-directional synchronization, because I did not know it was there and it's something that's been plaguing my team.
UEBA = User and Entity Behavior Analytics
- tayamam
Copper Contributor
Hi, Thank you for your great video 🙂
In this video part, I've understood that there are many data connectors in Sentinel, NOT ONLY FOR Microsoft solutions. It can help every user ingest logs into Sentinel; it's so EASY!!
And, in Sentinel, there are many detection mechanisms like ML and TI.
Through creating Fusion rules, Sentinel can detect advanced threats.
Admins can see the detection overview on the MITRE ATT&CK page; based on this, admins can understand the attack techniques that are NOW happening!
Sentinel has soooo many features to realize a Modern SOC for every company.
- MaryamR
Microsoft
Excellent presentation by Javier. I especially enjoyed the section on leveraging Fusion ML and fusing multiple alerts from different providers and sources and raising severity to best reflect the potential impact of a threat, as well as the sections on Content Hub and the 282 connectors that we can access by filtering on a variety of categories, and of course the MITRE ATT&CK dashboard and heat map. Can't wait to spend more time on these areas.
- JamieLiu5005
Brass Contributor
Hi Heike,
My favorite features Javier presented today are the following:
1. Data connectors. {collecting different data from other MS services or third-party applications.}
2. Analytic rules. {The way to start detecting is enabling analytics rules, you always want to start from enabling necessary rules (NOT everything) as a best practice. }
3. Content hub (Preview) {a solution gallery}
4. Bi-direction synchronization between MS Sentinel and MS 365 Defender
5. MITRE ATT&CK (Preview) {a comprehensive heat map}
6. Playbook template for automating threat response {Logic app designer}
UEBA stands for User and Entity Behavior Analytics. It is used for collecting and analyzing data that Sentinel collects from different data sources, then being trained and setting some baselines for entities.
Thank you!
- KevinC95
Copper Contributor
Hello,
My favorite feature was the automation rules & the playbooks.
UEBA means User and Entity Behaviour Analytics.
Thank you
- ericranders42
Copper Contributor
HeikeRitter and Javier great show! I liked seeing the playbook templates. I had not seen them before. It's great how you can filter them to find what you need, then configure them in the logic app creator. Nice!
UEBA is User and Entity Behavior Analytics.
- TooManyCats
Copper Contributor
HeikeRitter
My favourite feature is Hunting; it's a powerful feature that can return a lot of data, which helps provide extra insight and information when looking at an incident.
UEBA means User and Entity Behavior Analytics; some call it User Entity and Behavior Analytics.
- Jonny_Bell
Copper Contributor
UEBA = User and Entity Behavior Analytics. Favourite part was the "next steps" in the Data Connectors section. Been using Sentinel for a while now and did not know about this! Thanks Javier!
Looking forward to the next show, HeikeRitter.
Cheers!
HeikeRitter
Favourite Features:
- Ability to integrate 3rd party applications using connectors.
- Fusion Rules (which combines signals from different services to generate an alert).
- MITRE ATT&CK (Preview) heat maps.
- Playbook templates under Automation. Block AAD user is great to prevent account compromise.
UEBA stands for User and Entity Behaviour Analytics.
Based on the data collected by Sentinel (logs/alerts), Sentinel creates a baseline profile for entities.
These baseline profiles can then be utilised by Sentinel to detect anomalies (like a login from a new/suspicious location).