Mar 17 2021 09:24 AM - last edited on Nov 03 2021 03:42 AM by TechCommunityAP
A key task that faces customers who continue to migrate from other SIEM solutions to Azure Sentinel is translating existing detection rules into rules that map to Azure Sentinel as accurately as possible. However, Azure Sentinel offers significant advantages around the analytics rules pillar that make SIEM migrations a worthwhile effort. Some of these features include four built-in rule types (discussed later in this blog), alert grouping, event grouping, entity mapping, evidence summary, and a powerful query language that can be used across other Microsoft solutions such as Microsoft Defender for Endpoint and Application Insights.