Best practices for managing use-case exceptions for an MSSP Sentinel environment

Good night people.

I work on managing Azure Sentinel for customers in an MSSP environment and have been encountering a dilemma in managing exceptions for use cases.

It's been my pain. :(

How do you create use case exceptions in a scalable way that doesn't need to go into each case's KQL code to insert an exception if you do?

0 Replies