Forum Discussion
HeikeRitter
Microsoft
MicrosoftNinja Cat Giveaway: Episode 3 | Sentinel integration
For this episode, your opportunity to win a plush ninja cat is the following -
Reply to this thread with: what was your favorite feature Javier presented? Oh and what does UEBA stand for?
Th...
HeikeRitter
Favourite Features:
- Ability to integrate 3rd party applications using connectors.
- Fusion Rules (which combines signals from different services to generate an alert).
- MITRE ATT&CK (Preview) heat maps.
- Playbook templates under Automation. Block AAD user is great to prevent account compromise.
UEBA stands for User and Entity Behaviour Analytics.
Basis the data collected by Sentinel (logs/alerts), Sentinel creates a baseline profile for entities.
These baselines profiles can then be utilised by Sentinel to detect anomalies (like login from a new/suspicious location).
