Dec 16 2020 08:31 PM
Hi Guys
I am new to the Sentinel family. We have recently set up the Zscaler connector and can see the NSS for Web logs arriving in Azure Sentinel. Any suggestions on what best rules/use cases we can set up to get the most out of the logs coming in, and how can we set them up?
Thanks
Dec 17 2020 02:54 AM
Have you enabled the three recommended ones? You can also look at the four workbooks Zscaler provided; you can edit these, see the queries used, and with minimal adaptation create some more rules.
If you do create some, it would be great to share these back in the GitHub repo: Azure/Azure-Sentinel: Cloud-native SIEM for intelligent security analytics for your entire enterpris...
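As an added example of adapting a workbook-style query into a scheduled analytics rule (this is not from the original thread, nor Zscaler's or Microsoft's own workbook content), the query below flags users with a burst of blocked web transactions to many distinct hosts, a pattern that can indicate a compromised host probing for an allowed egress path or a user repeatedly hitting a newly blocked category. It assumes the connector writes Zscaler NSS web logs into the CommonSecurityLog table with DeviceVendor "Zscaler" and DeviceProduct "NSSWeblog", that the policy verdict is in DeviceAction ("Blocked"), the requested host is in DestinationHostName, and the user is in SourceUserName. Those field values are assumptions; confirm them against a few rows of your own data (for example `CommonSecurityLog | where DeviceVendor == "Zscaler" | take 10`) before saving the rule.

```kql
// Added example (not from the original thread): draft scheduled analytics rule
// for Zscaler NSS web logs in Azure Sentinel.
// Assumptions to verify in your tenant:
//   - logs land in CommonSecurityLog with DeviceVendor == "Zscaler"
//     and DeviceProduct == "NSSWeblog"
//   - DeviceAction holds the policy verdict ("Blocked" / "Allowed")
//   - DestinationHostName holds the requested host, SourceUserName the user
let lookback = 1h;                 // match the rule's "lookup data from the last" setting
let blocked_threshold = 20;        // tune after a week of baseline data
let distinct_hosts_threshold = 5;  // many different hosts separates probing from one sticky site
CommonSecurityLog
| where TimeGenerated > ago(lookback)
| where DeviceVendor == "Zscaler" and DeviceProduct == "NSSWeblog"
| where DeviceAction =~ "Blocked"
| where isnotempty(SourceUserName) and isnotempty(DestinationHostName)
| summarize
    BlockedCount  = count(),
    DistinctHosts = dcount(DestinationHostName),
    SampleHosts   = make_set(DestinationHostName, 10),
    SourceIPs     = make_set(SourceIP, 5),
    FirstSeen     = min(TimeGenerated),
    LastSeen      = max(TimeGenerated)
  by SourceUserName
| where BlockedCount >= blocked_threshold
    and DistinctHosts >= distinct_hosts_threshold
// Entity mapping so the incident shows the account; adjust if you map IP or host instead.
| extend AccountCustomEntity = SourceUserName
| order by BlockedCount desc
```

Save it as a scheduled rule running every hour over the last hour so each event is evaluated once, set the alert threshold to "greater than 0" (the thresholds live in the query), and map the account entity. Expect noise from vulnerability scanners, shared service accounts and proxies that aggregate many users behind one identity; exclude those explicitly rather than raising the thresholds for everyone.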
Dec 17 2020 11:07 AM