Microsoft Tech Community

AKS Sentinel analytics rules

Copper Contributor

Hello, I have enabled diagnostic settings on AKS clusters and am sending data to a Sentinel workspace according to the article here: Monitoring Azure Kubernetes Service (AKS) with Microsoft Sentinel - Microsoft Community Hub


I can see that there are some query rules examples in the article, but obviously we need more than those examples. I have tried searching around different Github repositories for some examples, but I am not able to find anything. 

From the same article, I can see that there is a possibility to enable container Defender plans and then stream Defender for Cloud security alerts into Sentinel. This also certainly seems like a good option.


Do any of you have the AKS connector enabled? If so, can you share some rules that you have running? Also, please let me know whether the best practice is to use container Defender plans.

0 Replies
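As an added example (not from the poster or the linked article), here is the kind of KQL analytics-rule query the post is asking for: it runs over the AKS kube-audit diagnostic logs and flags interactive `exec` into pods and reads of Secrets by non-system identities. It assumes the diagnostic setting streams the `kube-audit` category into the `AzureDiagnostics` table with the Kubernetes audit event as JSON in `log_s`, and that the `system:` exclusion is tuned for the cluster's own add-ons.

```kql
// Added example analytics rule query (not from the post or the linked article).
// Assumes the AKS "kube-audit" diagnostic category lands in AzureDiagnostics,
// with the Kubernetes audit event as JSON in log_s. Field names follow the
// Kubernetes audit event schema (verb, user, objectRef, responseStatus, ...).
let lookback = 1h;
AzureDiagnostics
| where TimeGenerated > ago(lookback)
| where Category == "kube-audit"
| extend event = parse_json(log_s)
| where tostring(event.stage) == "ResponseComplete"   // one record per request
| extend
    Verb      = tostring(event.verb),
    User      = tostring(event.user.username),
    Resource  = tostring(event.objectRef.resource),
    Sub       = tostring(event.objectRef.subresource),
    Namespace = tostring(event.objectRef.namespace),
    Object    = tostring(event.objectRef.name),
    Status    = toint(event.responseStatus.code),
    SourceIp  = tostring(event.sourceIPs[0]),
    Agent     = tostring(event.userAgent)
| where Status < 300                                   // only requests the API server allowed
// Two findings: a shell into a container, or a Secret read outside the system namespace
| extend Finding = case(
    Resource == "pods" and Sub == "exec",                     "PodExec",
    Resource == "secrets" and Verb in ("get", "list"),        "SecretRead",
    "")
| where isnotempty(Finding)
// Drop control-plane identities; extend this for operators/add-ons in your cluster
| where not(User startswith "system:")
| where not(Namespace == "kube-system" and Finding == "SecretRead")
| summarize Count     = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated),
            Objects   = make_set(Object, 20),
            SourceIps = make_set(SourceIp, 10)
    by Finding, User, Namespace, Resource, Agent, ResourceId
| order by LastSeen desc
```

Map `User` to the Account entity and `SourceIps` to the IP entity in the rule's entity mapping. If only the `kube-audit-admin` category is enabled, the SecretRead branch never fires, because that category omits get and list events.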