To view all the out-of-the-box detections, go to Analytics and then Rule templates.
This tab contains all the Azure Sentinel built-in rules.
1. FusionBased on Fusion technology, advanced multistage attack detection in Azure Sentinel uses scalable machine learning algorithms that can correlate many low-fidelity alerts and events across multiple products into high-fidelity and actionable incidents. Because the logic is hidden and therefore not customizable, you can only create one rule with this template.
2. Machine learning behavioral analyticsThese templates are based on proprietary Microsoft machine learning algorithms, so you cannot see the internal logic of how they work and when they run. Because the logic is hidden and therefore not customizable, you can only create one rule with each template of this type.
3. ScheduledScheduled analytics rules are based on built-in queries written by Microsoft security experts. You can see the query logic and make changes to it. You can use the scheduled rules template and customize the query logic and scheduling settings to create new rules.
Under the Azure Sentinel Documentation: "Tutorial: Detect threats out-of-the-box"
There are 3 types of out-of-the-box detection rules:
a. Fusion
b. Machine learning behavioral analytics
c. Scheduled
Query: If we ingest data into Sentinel through the "logstash" connector, the data goes to Custom Log Tables with postfix "Logfilename_CL".
Can we apply or utilize above mentioned 3 types of out-of-the-box detection rules on these Custom Log Tables?
