User Profile

Guy_S_Dev1

Copper Contributor

Joined 2 years ago

3 Posts2 Likes

View All Badges

User Widgets

Recent Discussions

NRT Rules & Regular Analytics Rules in Sentinel Checklist
This table serves as a handy checklist for cyber analysts when creating KQL analytic rules. It provides a clear comparison between Near Real-Time (NRT) and Regular Analytic rules, highlighting key considerations such as query interval, ingestion delay, alert generation, event grouping, rule creation, and limitations. By referring to this table, analysts can make an informed decision on whether to use an NRT or a Regular Analytic rule based on their specific needs and constraints. This can help streamline the rule creation process and ensure effective and efficient threat detection. Remember, the choice between NRT and Regular Analytic rules ultimately depends on the specific requirements of your security operations center. Link:KQL/NRTchecklist. at main · guys1444/KQL (github.com)
Feb 01, 2024 Place Security, Compliance, and Identity
microsoft sentinel
430Views
0likes
0Comments
Sending entities data to a server or API endpoint
Hi, I want to create a playbook that will take an entity data VAR and send it to a python server or API endpoint. is it possible? andhow? thanks.
Jan 07, 2024 Place Microsoft Sentinel
Alerts
playbooks
363Views
1like
1Comment
Common security logs data in size
Hi , would like to know if it is possible to breakdown the commonSecurityLog table that it will show the data that is ingested by Computer (ip) GB and cost ?
Dec 12, 2023 Place Microsoft Sentinel
Analytics
515Views
1like
1Comment

Groups

Recent Blog Articles

No content to show