Use UEBA in Microsoft Sentinel to your advantage
Cloudbrothers
2022-09-08 14:28:21
When using Microsoft Sentinel, you can connect multiple sources as data connectors. By default, all connected sources ingest their information into predefined tables in the Log Analytics workspace backing the Microsoft Sentinel instance. You can then query this data using analytic rules or hunting queries to identify abnormal behavior. For a few of those data connectors, Microsoft offers an additional feature called “User and Entity Behavior Analytics”, or UEBA for short.