From the course: Implementing and Administering Microsoft Sentinel


Detecting threats


- [Man] The primary means of detecting threats in Microsoft Sentinel is through detection rules. So in this video, we'll talk through rule authoring. We'll take a look at some of the built-in rules, but I want to focus on authoring your own custom rule, so you have some familiarity with that feature. So the rule types for threat detection that we can choose from are the scheduled query rule, which runs an analytics query on a schedule, a Microsoft incident creation rule, which creates an analytics rule that simply creates incidents based on alerts generated in another Microsoft security service. So not quite as much to configure there in terms of the rule properties. And then we have near-real-time analytics rules, a more recent addition to Microsoft Sentinel, which offers faster detections by running queries just one minute apart. So we're looking at a pretty small window of time at that point. Now, when we create a custom analytics rule, there are multiple steps. It begins with…
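The transcript contrasts a scheduled query rule (query runs on a schedule) with a near-real-time rule (query runs one minute apart). The simulation below is an added example, not code from the course or from Microsoft Sentinel: it models both rule types as "run a query over a lookback window every N minutes and alert when the row count exceeds a threshold", which is the scheduled-rule model Sentinel exposes as query frequency, query period and a trigger threshold. The sign-in events, the IP address, the five-minute cadence and the threshold of more than four failures are all constructed for the example; the detection lag it reports is a property of the simulation, not a measurement of the product.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SigninEvent:
    """One constructed sign-in record (stand-in for a SigninLogs row)."""
    time: datetime
    ip: str
    result: str  # "Success" or "Failure"


@dataclass(frozen=True)
class Rule:
    """Minimal analytics-rule model: how often it runs, how far back it looks, when it fires."""
    name: str
    frequency: timedelta  # interval between query runs
    period: timedelta     # lookback window evaluated on each run
    threshold: int        # alert when a source IP has MORE than this many failures


def failed_logons_by_ip(events, start, end):
    """Stand-in for the rule's KQL body: failed sign-ins per source IP in [start, end)."""
    return Counter(e.ip for e in events if e.result == "Failure" and start <= e.time < end)


def run_rule(rule, events, t0, t1):
    """Simulate the scheduler: run the query at every tick from t0 to t1 and collect alerts."""
    alerts = []
    tick = t0
    while tick <= t1:
        hits = failed_logons_by_ip(events, tick - rule.period, tick)
        for ip, count in sorted(hits.items()):
            if count > rule.threshold:
                alerts.append((tick, ip, count))
        tick += rule.frequency
    return alerts


def detection_lag(rule, events, t0, t1):
    """Time from the first failed sign-in to the first alert, or None if the rule never fires."""
    alerts = run_rule(rule, events, t0, t1)
    if not alerts:
        return None
    first_failure = min(e.time for e in events if e.result == "Failure")
    return alerts[0][0] - first_failure


# Constructed sample data: six failures from one IP within 50 seconds, plus a normal sign-in.
T0 = datetime(2024, 1, 1, 12, 0)
EVENTS = [
    SigninEvent(T0 + timedelta(minutes=2, seconds=10 * i), "203.0.113.5", "Failure")
    for i in range(6)
] + [SigninEvent(T0 + timedelta(minutes=1), "198.51.100.7", "Success")]

# Scheduled rule: runs every 5 minutes over the previous 5 minutes (assumed values).
SCHEDULED = Rule("Scheduled: >4 failed sign-ins from one IP", timedelta(minutes=5),
                 timedelta(minutes=5), threshold=4)
# Near-real-time rule: runs every minute over the previous minute.
NRT = Rule("NRT: >4 failed sign-ins from one IP", timedelta(minutes=1),
           timedelta(minutes=1), threshold=4)

if __name__ == "__main__":
    end = T0 + timedelta(minutes=10)
    for rule in (SCHEDULED, NRT):
        print(rule.name)
        for tick, ip, count in run_rule(rule, EVENTS, T0, end):
            print(f"  alert at {tick:%H:%M}: {ip} had {count} failures")
        print(f"  detection lag: {detection_lag(rule, EVENTS, T0, end)}")
```

Running it shows the scheduled rule alerting at the 12:05 tick and the NRT rule at the 12:03 tick for the same burst, which is the latency difference the transcript is pointing at: a scheduled rule can only detect as fast as its frequency, whereas the one-minute NRT cadence bounds the lag at about a minute. The flip side, also visible in the model, is that a one-minute lookback only sees activity that lands inside a single minute, so a slow burst spread across several minutes would need the longer window of a scheduled rule.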
