What are the best practice use cases for Security Alerts for Cloud Security?

Hello All,

A few basic questions:

What are the best practice use cases for security, malicious activity, cloud security, etc.?

What is a top 10 or 20 use case list for the different scenarios?

1 Reply

@Sohail_Patel

Have you looked at the Sentinel GitHub (especially the Detection and maybe even the Hunting folders)? https://github.com/Azure/Azure-Sentinel

Also see the SOC Prime integration: https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-sigma-and-soc-prime-integration...

Maybe also some partner content (two selected at random):

https://github.com/BlueTeamLabs/sentinel-attack/tree/master/detections and https://github.com/wortell/KQL

Also when you deploy (or just have a look at) a Sentinel connector, see:

Data Connector --> Open Connector Page --> [Next Steps] --> "Relevant analytic templates"

This shows any related alerts / use cases.
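As an added illustration of what one "use case" in the Detection folder of that repository looks like, here is a sample scheduled analytics rule written in the YAML layout the Azure-Sentinel repository uses. It is not a file from that repository or from the reply above; the GUID is a placeholder and the failed-sign-in threshold of 10 is an assumption. The rule flags an account that had at least ten failed Azure AD sign-ins from one IP address within the last hour and then a successful sign-in from the same address, a common "password spray / brute force followed by success" use case.

```yaml
# Added example of a Sentinel scheduled analytics rule (not from the Azure-Sentinel repo).
id: 00000000-0000-0000-0000-000000000000   # placeholder GUID; generate a real one per rule
name: Successful sign-in after many failures from the same IP (example)
description: |
  Detects an account with at least 'threshold' failed sign-ins from a single IP address
  in the last hour, followed by a successful sign-in from that same IP address.
  Data source: Azure Active Directory SigninLogs (AzureActiveDirectory connector).
severity: Medium
requiredDataConnectors:
  - connectorId: AzureActiveDirectory
    dataTypes:
      - SigninLogs
queryFrequency: 1h      # how often the rule runs
queryPeriod: 1h         # how far back each run looks
triggerOperator: gt
triggerThreshold: 0     # alert when the query returns any row
tactics:
  - CredentialAccess
relevantTechniques:
  - T1110
query: |
  // threshold is an assumption; tune it to the environment's baseline of failed logins
  let threshold = 10;
  let lookback = 1h;
  // Step 1: failed sign-ins per account and source IP (ResultType "0" means success in SigninLogs)
  let failures = SigninLogs
    | where TimeGenerated >= ago(lookback)
    | where ResultType != "0"
    | summarize FailedCount = count(),
                FailedStart = min(TimeGenerated),
                FailedEnd   = max(TimeGenerated)
              by UserPrincipalName, IPAddress
    | where FailedCount >= threshold;
  // Step 2: successful sign-ins in the same window
  let successes = SigninLogs
    | where TimeGenerated >= ago(lookback)
    | where ResultType == "0"
    | project UserPrincipalName, IPAddress, SuccessTime = TimeGenerated;
  // Step 3: keep only successes that came from the same IP *after* the failure burst
  failures
  | join kind=inner successes on UserPrincipalName, IPAddress
  | where SuccessTime > FailedEnd
  | project UserPrincipalName, IPAddress, FailedCount, FailedStart, FailedEnd, SuccessTime
entityMappings:
  - entityType: Account
    fieldMappings:
      - identifier: FullName
        columnName: UserPrincipalName
  - entityType: IP
    fieldMappings:
      - identifier: Address
        columnName: IPAddress
version: 1.0.0
```

The query is the part you would paste into a Sentinel analytics rule (or run ad hoc in Logs) after the AzureActiveDirectory connector is collecting SigninLogs; the surrounding YAML is the metadata the repository's Detection entries carry so the rule can be imported as a template with its severity, MITRE mapping and entity mappings intact.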