Lost/Stolen Device Sentinel Actions

Hello,

Very new to Sentinel, so forgive me if this is an easy one! I was wondering if there was anything you would recommend doing in Sentinel for a device that is lost/stolen? Maybe create an alert if it attempts to contact the network/is logged into? How would you go about doing it?

Thank you!

1 Reply
So you'd have to know that the device is stolen first. You don't mention the product that feeds Sentinel, so let's assume for now that you "know". If you know the name or details, then I'd probably populate a Watchlist of known stolen devices (https://learn.microsoft.com/en-us/azure/sentinel/watchlists) and generate an alert if any of those are seen in the Logs.
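
The watchlist approach from the reply, sketched as a scheduled analytics rule query. This is an added example, not part of the original reply. It assumes a watchlist with the hypothetical alias `StolenDevices` whose SearchKey column holds the device name, and that Microsoft Entra ID sign-in logs (the `SigninLogs` table) are connected to the workspace.

```kusto
// Assumption: watchlist alias 'StolenDevices' is hypothetical; its SearchKey
// column is assumed to hold the device display name.
let stolen = _GetWatchlist('StolenDevices')
    | project DeviceName = tolower(tostring(SearchKey));
// Assumption: SigninLogs is the data source. Swap in the table that your
// connected product writes device activity to if it is a different one.
SigninLogs
| where TimeGenerated > ago(1h)   // match this window to the rule's run frequency
| extend DeviceName = tolower(tostring(DeviceDetail.displayName))
| where isnotempty(DeviceName)    // many sign-ins carry no device name
| join kind=inner (stolen) on DeviceName
// ResultType is kept so failed attempts from the device are visible as well
| project TimeGenerated, DeviceName, UserPrincipalName, IPAddress,
          Location, AppDisplayName, ResultType
```

Any row returned means a watchlisted device appeared in a sign-in, so the rule can alert when the result count is greater than zero, with DeviceName, UserPrincipalName and IPAddress mapped as entities for triage.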