Forum Discussion
MicrosoftNinja Cat Giveaway: Episode 3 | Sentinel integration
For this episode, your opportunity to win a plush ninja cat is the following -
Reply to this thread with: what was your favorite feature Javier presented? Oh and what does UEBA stand for?
This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14th, 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.
UEBA stands for User and Entity Behavior Analytics. My favourite feature are the analytics rules.
Dwaine RidderhofDefinitely the automation part! Great to remediate incidents with a click of a button.
UEBA = User and Entity Behavior AnalyticsMy favorite features were automation and Sentinel having not only data connectors for Microsoft services but also for Amazon and other third party.
and UEBA is abbreviation of User and Entity Behavior Analytics
- As others have mentioned, UEBA is usually User and Entity Behavior Analytics.
I liked learning about the various Data Connectors, in particular Threat Intelligence. I also liked the comment that the automations are built like Power Automate- that makes them feel more approachable.
Appreciate another great show! HeikeRitter
Favourite Features:- Ability to integrate 3rd party applications using connectors.
- Fusion Rules (which combines signals from different services to generate an alert).
- MITRE ATT&CK (Preview) heat maps.
- Playbook templates under Automation. Block AAD user is great to prevent account compromise.
UEBA stands for User and Entity Behaviour Analytics.
Basis the data collected by Sentinel (logs/alerts), Sentinel creates a baseline profile for entities.
These baselines profiles can then be utilised by Sentinel to detect anomalies (like login from a new/suspicious location).UEBA = User and Entity Behavior Analytics. Favourite part was the "next steps" in the Data Connectors section. Been using Sentinel for a while now and did not know about this! Thanks Javier!
Looking forward to the next show, HeikeRitter.
Cheers!
HeikeRitter
My favourite feature is Hunting, it's a powerful feature that can return a lot of data which helps provide extra insight and information when looking at an incident.
UEBA means User and Entity Behavior Analytics, some call it User Entity and Behavior Analytics.HeikeRitter and Javier great show! I liked seeing the playbook templates. I had not seen them before. It's great how you can filter them to find what you need, then configure them in the logic app creator. Nice!
UEBA is User and Entity Behavior Analytics.Hello,
My favorite feature was the automation rules & the playbooks
UEBA means User and Entity Behaviour Analytics.
Thank you
- Hi Heike,
My favorite features Javier presented today are the following:
1. Data connectors. {collecting different data from other MS services or third-party applications.}
2. Analytic rules. {The way to start detecting is enabling analytics rules, you always want to start from enabling necessary rules (NOT everything) as a best practice. }
3. Content hub (Preview) {a solution gallery}
4. Bi-direction synchronization between MS Sentinel and MS 365 Defender
5. MITRE ATT&CK (Preview) {a comprehensive heat map}
6. Playbook template for automating threat response {Logic app designer}
UEBA stands for User and Entity Behavior Analytics. It is used for collecting and analyzing data that Sentinel collects from different data sources, then being trained, and set some baselines for entities.
Thank you!
