Entity behavior analytics (Preview) on Sentinel


Please help me understand how this Entity behavior analytics in Sentinel can be used? Are there examples that can be shared?

Can this feature extend analysis from Entity Behavior Analytics in Azure ATP?

1 Reply

@sudhamani85 In a nutshell, what it will do is to allow you to see much more information about a user or a host than you were able to before. You can see if there are any alerts for the entity (including MTATP information for hosts if you are using that) and more detailed Insights.

I believe, and I don't work for MS so this is just a guess, that this will be incorporated into the Incident investigation to make it easier to get more information about entities.

As far as getting the information from Azure ATP's Entity Behavior Analytics, I do not know.