Connect with experts and redefine what’s possible at work – join us at the Microsoft 365 Community Conference May 6-8. Learn more >
Recent DiscussionsMost RecentNewest TopicsMost LikesSolutionsTagged:TagRe: WDATP integration - Connector carringtonMT1-_ End of Sept. 2019 is the ETA for WDATP (alerts) connector Re: Still skeptical about "built-in" Machine Learning in Sentinel Azure Sentinel ML blog was published this morning. Here is the link: https://azure.microsoft.com/en-us/blog/reducing-security-alert-fatigue-using-machine-learning-in-azure-sentinel/ Re: Still skeptical about "built-in" Machine Learning in Sentinel Azure Sentinel webinar: https://aka.ms/AzureSentinelWebinar. Re: WDATP integration - ConnectorWindows Defender ATP connector is in works.Re: Still skeptical about "built-in" Machine Learning in Sentinel There is an impending blogpost about AI/ML in Azure Sentinel. I'll provide link here when the blog is live. In short, Fusion uses state of the art scalable learning algorithms to correlate millions of low fidelity anomalous activities from different services and products into high fidelity actionable cases so as to drastically decrease false positive rate. From our measurement with external customers and internal evaluation, we have a median 94% reduction in alert fatigue. The following scenarios are supported in Fusion now. We are going to add more. Anomalous Login followed by O365 Mailbox Exfiltration Anomalous Login followed by Mass File deletion Anomalous Login followed by Ransomware in Cloud App Anomalous Login followed by Mass File Download Anomalous Login followed by Suspicious Cloud App Administrative Activity Anomalous Login followed by Mass File Sharing Anomalous Login followed by O365 Impersonation To get alert of above scenarios, you need Azure Active Directory Identity Protection and Microsoft Cloud App Security (MCAS) running, Fusion enabled, and at least one of the attack scenarios happens. Azure Sentinel also supports built-in ML model and Built-Your-Own ML which are in private preview. Please send an email to askepd@microsoft.com if you want to learn more about them or enable those ML features.
Recent Blog ArticlesMost RecentMost LikesMicrosoft Defender Experts services are now HIPAA and ISO certified Certifications demonstrate our commitment to protecting our customers data and privacy. Democratize Machine Learning with Customizable ML Anomalies Security analyst can tune anomaly models to minimize benign positive rates in their environment with no knowledge of ML. Re: Democratize Machine Learning with Customizable ML Anomalies PJR_CDF There is a delay on our end due to other high priority work. We are working on a blog about anomaly simulator. It will be published soon. Re: Democratize Machine Learning with Customizable ML Anomalies Sasuke_Ziy I would love to hear your thought on where and how you want to view the anomalies? Re: Democratize Machine Learning with Customizable ML Anomalies mongie105 Sorry for the late reply. Customizable anomalies are available in Australia regions now. We are rolling out to all Sentinel regions in phases. The anomalies are available in the following r...
MicrosoftMicrosoftMicrosoftMicrosoft
