What are the best practice use cases for Security Alerts for Cloud Security?


Hello All,


A few basic questions:

What are best practice use cases for security, malicious activity, cloud security, etc.?

What is a top 10 or 20 use case list for different scenarios?






Have you looked at the Sentinel GitHub (especially the Detection and maybe even the Hunting folders)? https://github.com/Azure/Azure-Sentinel


Also see the SOC Prime integration: https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-sigma-and-soc-prime-integration...


Maybe also some partner content (two selected at random):

https://github.com/BlueTeamLabs/sentinel-attack/tree/master/detections and https://github.com/wortell/KQL 


Also, when you deploy (or just have a look at) a Sentinel connector, see:

Data Connector --> Open Connector Page --> [Next Steps] --> "Relevant analytic templates"

This shows any related alerts / use cases.