cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

New Blog Post | Azure Sentinel Information Model Fall Release: Speed and Ease

AshleyMartin
Microsoft

‎Sep 14 2021 11:55 AM

‎Sep 14 2021 11:55 AM

New Blog Post | Azure Sentinel Information Model Fall Release: Speed and Ease

AshleyMartin_0-1631643625539.png

Azure Sentinel Information Model Fall Release: Speed and Ease - Microsoft Tech Community

The first schema to use parametrized parsers is the DNS schema. DNS is a high-volume source, and using optimized parsers enables the new normalized Threat Intelligence Analytics Rules (Domains, IPs) to match your TI to even the highest volume of DNS data. And with out-of-the-box optimized parsers for a wide variety of DNS servers and clients, including Windows DNS Server, InfoBlox, Cisco Umbrella, Corelight Zeek, Google Cloud DNS, and Sysmon, you get this detection across much more of your data. 

 

Join us to learn more about parametrized parsers in our upcoming webinar “Turbocharging ASIM: Making Sure Normalization Helps Performance Rather Than Impacting It” on Oct 6th. Register, as usual on https://aka.ms/securitywebinars.

Original Post: New Blog Post | Azure Sentinel Information Model Fall Release: Speed and Ease - Microsoft Tech Commu...

419 Views
0 Likes
0 Replies
Reply
0 Replies