Detection capability of Azure Sentinel


There are some built-in Analytics rules based on data sources; beside that, how do you increase the detection capability of Azure Sentinel? What I want to know is: do you look at the latest IOCs and create custom rules, did you map Azure Sentinel with MITRE, and what are some good platforms where I can find threat detection queries/rules for Azure Sentinel?

Thanks

1 Reply
Adding custom analytics rules is almost a requirement while you work with Sentinel. Although it comes with some out-of-the-box content, you may have your own preferences when it comes to the rules you use while detecting threats. A good source for community-provided KQL and other Sentinel resources would be https://github.com/Azure/Azure-Sentinel.
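To make the three parts of the question concrete (custom rule, IOC matching, MITRE mapping), here is an added example of a scheduled analytics rule written in the YAML template format that the Azure-Sentinel repository uses for its Detections folder. It is not a rule from the repository or from the reply above; it is constructed for this page. It assumes the standard Sentinel tables `ThreatIntelligenceIndicator` (populated by the threat intelligence connectors) and `SigninLogs` (Azure AD sign-ins), and the `id` is a placeholder GUID to be replaced. The tactic and technique mapping (Initial Access, T1078 Valid Accounts) is this example's own choice for "a successful or attempted sign-in from an IP that is a current indicator"; adjust it to your own threat model.

```yaml
# Added example analytics rule template (not from the Azure-Sentinel repo).
# Matches sign-ins against active IP indicators from the TI connectors and
# tags the detection with MITRE ATT&CK tactics/techniques so it shows up in
# the MITRE coverage view.
id: 00000000-0000-0000-0000-000000000000   # placeholder: generate a fresh GUID
name: Sign-in from IP address in threat intelligence indicators (example)
description: |
  'Correlates IP indicators (NetworkIP / NetworkSourceIP / NetworkDestinationIP)
  from ThreatIntelligenceIndicator with the source IP of Azure AD sign-ins.
  Only indicators that are still Active and not expired are considered, and
  the sign-in must occur after the indicator was last updated.'
severity: Medium
requiredDataConnectors:
  - connectorId: AzureActiveDirectory
    dataTypes:
      - SigninLogs
  - connectorId: ThreatIntelligence
    dataTypes:
      - ThreatIntelligenceIndicator
queryFrequency: 1h      # how often the rule runs
queryPeriod: 14d        # how far back the query may look (covers the IOC window)
triggerOperator: gt
triggerThreshold: 0     # any match raises an alert
tactics:
  - InitialAccess       # example mapping, see lead-in
relevantTechniques:
  - T1078               # Valid Accounts (example mapping)
query: |
  let dt_lookBack = 1h;    // window of sign-ins to inspect on each run
  let ioc_lookBack = 14d;  // window of indicators considered "latest"
  ThreatIntelligenceIndicator
  | where TimeGenerated >= ago(ioc_lookBack) and ExpirationDateTime > now()
  // keep only the most recent version of each indicator
  | summarize arg_max(TimeGenerated, *) by IndicatorId
  | where Active == true
  | extend TI_TimeGenerated = TimeGenerated
  // an IP indicator may land in any of these three columns
  | extend TI_ipEntity = coalesce(NetworkIP, NetworkSourceIP, NetworkDestinationIP)
  | where isnotempty(TI_ipEntity)
  | join kind=innerunique (
      SigninLogs
      | where TimeGenerated >= ago(dt_lookBack)
      | extend SigninLogs_TimeGenerated = TimeGenerated
      | project SigninLogs_TimeGenerated, UserPrincipalName, IPAddress,
                ResultType, AppDisplayName
  ) on $left.TI_ipEntity == $right.IPAddress
  // ignore sign-ins that predate the indicator
  | where SigninLogs_TimeGenerated >= TI_TimeGenerated
  | project SigninLogs_TimeGenerated, Description, ThreatType, ConfidenceScore,
            TI_ipEntity, UserPrincipalName, ResultType, AppDisplayName
  | extend IPCustomEntity = TI_ipEntity, AccountCustomEntity = UserPrincipalName
entityMappings:
  - entityType: Account
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
  - entityType: IP
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
version: 1.0.0
kind: Scheduled
```

Before promoting a rule like this, run the `query` block on its own in the Logs blade over a long `queryPeriod` to see the hit rate: TI feeds with low `ConfidenceScore` or broad CIDR-derived entries can be noisy, so filter on `ConfidenceScore` or `ThreatType` if the volume is unworkable. Keeping `tactics` and `relevantTechniques` populated on every custom rule is what makes the MITRE coverage view in Sentinel meaningful.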