Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community
Microsoft Sentinel customizable machine learning based anomalies is Generally Available
Published Sep 12 2022 10:52 AM 4,116 Views
Microsoft

Introduction

Security analysts can use anomalies to reduce investigation and hunting time, as well as detect new and emerging threats. Typically, these benefits come at the cost of a high benign positive rate, but Microsoft Sentinel’s customizable anomaly models are tuned by our data science team and trained with the data in your Microsoft Sentinel workspace to reduce the rate, providing out-of-the box value. If security analysts need to tune them further, the process is simple and requires no knowledge of machine learning.

 

Read this blog to find out which capabilities were supported in Public Preview and how to tune anomalies: Democratize Machine Learning with Customizable ML Anomalies - Microsoft Tech Community

 

In this blog, we will discuss how customizable machine learning based anomalies have improved since Public Preview.

 

Anomalies tab

Anomalies have their own tab on the Analytics blade! It provides a consolidated view of anomalies. Check it out to see how many new anomalies we’ve added since Public Preview!

 

We also added an opportunity for you to provide feedback about anomalies as a part of the tuning process. We look forward to reading your feedback!

 

Please read this blog for additional details: Discover the power of UEBA anomalies in Microsoft Sentinel - Microsoft Tech Community

 

Workbook

Previously, you had to query the Anomalies table to find the anomalies in your workspace. Now, we do that work for you! The Anomalies Visualization Workbook not only provides you with a comprehensive view of the anomalies in your workspace for unprecedented situational awareness, but also shows you how anomalies are making an impact via incidents.

 

Please read this blog for additional details: Discover the power of UEBA anomalies in Microsoft Sentinel - Microsoft Tech Community

 

Entity Pages

You can see both alerts and activities related to the entity as well as anomalies in the entity pages. Anomalies are shown both in the chart and in the timeline.

 

Please read this blog for additional details: Discover the power of UEBA anomalies in Microsoft Sentinel - Microsoft Tech Community

 

Fusion

Fusion can identify novel attacks by associating unusual behaviors in the environment as surfaced by customizable machine learning based anomalies with the learnings from known attack patterns, IoCs, past incidents, customer feedback and Microsoft internal security labels.

 

Please see this blog for additional details: Detecting Emerging Threats with Microsoft Sentinel Fusion - Microsoft Tech Community

                    

We will continue to enable other Microsoft Sentinel features to use customizable machine learning based anomalies automatically, so that you get their value without having to do any additional work.

 

Learn more about customizable machine learning based anomalies

 

 

 

Co-Authors
Version history
Last update:
‎Sep 13 2022 09:31 AM
Updated by: