What are the Best practices used cases for Security Alerts for Cloud Security?

Visitor

Hello All,

 

Few basic questions;

 

What are best practices used cases for Security , malicious activity, cloud Security etc. 

What are top 10 or 20 used cases list for different scenario

 

 

1 Reply

@Sohail_Patel 

 

Have you looked at the Sentinel Github (especially the Detection and maybe even the Hunting folders) https://github.com/Azure/Azure-Sentinel

 

Also see SOC prime integration https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-sigma-and-soc-prime-integration...

 

Maybe also some partner content (two seelcted at random)

https://github.com/BlueTeamLabs/sentinel-attack/tree/master/detections and https://github.com/wortell/KQL 

 

Also when you deploy (or just have a look) at a Sentinel connector - see:

 

Data Connector --> Open Connector Page -->  [Next Steps] --> "Relevant analytic templates"   

This shows any related Alerts / use cases