Sep 08 2020
10:10 AM
- last edited on
Dec 23 2021
04:49 AM
by
TechCommunityAP
Sep 08 2020
10:10 AM
- last edited on
Dec 23 2021
04:49 AM
by
TechCommunityAP
Please help me understand how this Entity behavior analytics in Sentinel can be used? Are there examples that can be shared?
Can this feature extend analysis from Entity Behavior Analytics in Azure ATP?
Sep 08 2020 11:03 AM
@sudhamani85 In a nutshell what it will do is to allow you to see much more information about a user or a host than you were able to before. You can see if there are any alerts for the entity (including MTATP information for hosts if you are using that) and more detailed Insights.
I believe, and I don't work for MS so this is just a guess, that this will be incorporated into the Incident investigation to make it easier to get more information about entities.
As far as getting the information from Azure ATP's Entity Behavior Analytics, I do not know.