Mar 05 2019 12:27 PM - edited Mar 05 2019 12:29 PM
Hello,
I started gathering logs from different sources and was able to view the dashboards and raise alerts created in the Logic App designer, great so far.
Still though, most resources online mention a certain "built-in machine learning" capabilities. I would like to get to test these features hands-on.
I found this enable/disable Fusion tutorial even more intriguing: https://docs.microsoft.com/en-us/azure/sentinel/connect-fusion. So, what are the next steps after enabling it?
I started to wonder if this ML is something that is expected to run behind the scenes rather than a tool to be leveraged by customers.
Mar 05 2019 08:36 PM
There is an impending blog post about AI/ML in Azure Sentinel. I'll provide the link here when the blog is live.
In short, Fusion uses state-of-the-art scalable learning algorithms to correlate millions of low-fidelity anomalous activities from different services and products into high-fidelity actionable cases, so as to drastically decrease the false positive rate. From our measurement with external customers and internal evaluation, we have a median 94% reduction in alert fatigue. The following scenarios are supported in Fusion now. We are going to add more.
To get alerts for the above scenarios, you need Azure Active Directory Identity Protection and Microsoft Cloud App Security (MCAS) running, Fusion enabled, and at least one of the attack scenarios to happen.
Azure Sentinel also supports built-in ML models and Build-Your-Own ML, which are in private preview. Please send an email to askepd@microsoft.com if you want to learn more about them or enable those ML features.
Mar 06 2019 02:07 AM - edited Mar 06 2019 02:09 AM
Thanks Sharon.
I've sent an email to askepd@microsoft.com as advised.
The mail was not delivered; apparently I'm not authorized.
I'm also looking forward to reading the blog post and hopefully getting more hands-on test scenarios and tutorials.
Meanwhile I'll see what I can get out of Fusion enabled along with Identity Protection and Cloud App Security.
Mar 19 2019 08:41 AM - edited Mar 19 2019 08:44 AM
Azure Sentinel webinar: https://aka.ms/AzureSentinelWebinar.
Mar 19 2019 08:43 AM - edited Mar 19 2019 08:45 AM
Azure Sentinel ML blog was published this morning. Here is the link: https://azure.microsoft.com/en-us/blog/reducing-security-alert-fatigue-using-machine-learning-in-azu...