Jun 08 2020
04:05 AM
- last edited on
Dec 23 2021
04:51 AM
by
TechCommunityAP
Hello All,
A few basic questions:
What are the best-practice use cases for security, malicious activity, cloud security, etc.?
What is the top 10 or 20 use-case list for the different scenarios?
Jun 08 2020 12:11 PM
Have you looked at the Sentinel GitHub (especially the Detections and maybe even the Hunting folders)? https://github.com/Azure/Azure-Sentinel
Also see the SOC Prime integration: https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-sigma-and-soc-prime-integration...
Maybe also some partner content (two selected at random):
https://github.com/BlueTeamLabs/sentinel-attack/tree/master/detections and https://github.com/wortell/KQL
Also, when you deploy (or just have a look at) a Sentinel connector, see:
Data Connector --> Open Connector Page --> [Next Steps] --> "Relevant analytic templates"
This shows any related alerts / use cases.
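To make the reply above concrete, here is the shape of one analytic rule template of the kind found in the Detections folder of the Azure-Sentinel repository. This is an added illustration written for this page, not a rule taken from that repository or from any of the partner content linked above. It assumes the Azure Active Directory connector is feeding the SigninLogs table; the GUID is a placeholder to be regenerated, and the threshold of 10 distinct accounts is an arbitrary tuning value, not a recommendation.

```yaml
# Example analytic rule template (hypothetical; not from the Azure-Sentinel repo).
# Use case: password spray from one IP followed by a successful sign-in.
id: 00000000-0000-0000-0000-000000000000   # placeholder, generate a fresh GUID per rule
name: Password spray followed by a successful sign-in from the same IP (example)
description: |
  Flags an IP address that produced sign-in failures for many distinct accounts
  inside the look-back window and then a successful sign-in for one of them.
severity: Medium
requiredDataConnectors:
  - connectorId: AzureActiveDirectory
    dataTypes:
      - SigninLogs
queryFrequency: 1h      # how often the rule runs
queryPeriod: 1h         # how far back each run looks
triggerOperator: gt
triggerThreshold: 0     # any matching row raises an alert
tactics:
  - CredentialAccess
  - InitialAccess
relevantTechniques:
  - T1110
query: |
  // Assumed tuning value: distinct accounts per source IP before it counts as a spray.
  let failureThreshold = 10;
  // Source IPs with failed sign-ins (ResultType "0" is success in SigninLogs) across many accounts.
  let failures = SigninLogs
    | where ResultType != "0"
    | summarize FailedAccounts = dcount(UserPrincipalName), FirstFailure = min(TimeGenerated) by IPAddress
    | where FailedAccounts >= failureThreshold;
  // Successful sign-ins from those same IPs that occurred after the spray began.
  SigninLogs
  | where ResultType == "0"
  | join kind=inner failures on IPAddress
  | where TimeGenerated > FirstFailure
  | project TimeGenerated, IPAddress, UserPrincipalName, FailedAccounts, FirstFailure
entityMappings:
  - entityType: Account
    fieldMappings:
      - identifier: FullName
        columnName: UserPrincipalName
  - entityType: IP
    fieldMappings:
      - identifier: Address
        columnName: IPAddress
```

The query body can be pasted into the Logs blade on its own to check what it returns before the YAML is imported as a scheduled rule; keeping queryFrequency and queryPeriod equal means consecutive runs do not overlap or leave gaps in the window.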