Azure Sentinel News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
Azure Sentinel News
No Result
View All Result
Home IR

Azure Sentinel Daily Task: Analytics Rules

Azure Sentinel News Editor by Azure Sentinel News Editor
December 31, 2020
in IR
0
Microsoft brings endpoint & Azure security under Microsoft Defender
4.9kViews
577 Shares Share on Facebook Share on Twitter

This is part of a continuing series in relation to the Suggested Daily, Weekly, and Monthly Tasks for Azure Sentinel, which outlines tasks for security analysts. In this article, I’ll talk about investigating incidents as part of a daily regimen for an Azure Sentinel analyst. There’s deeper discussions and training that’s required to get a good handle on the ins-and-outs of working with Azure Sentinel. I won’t dig deep into those here, but instead give an overview for this specific daily task.

For customers that want deeper dives for Azure Sentinel, you have a few options:

In fact, this particular blog series is being developed into a workshop on its own and will also cover the additional, deeper knowledge for taking next steps.

Digging in

Identify any newly released (or newly available due to recently connected Data Connectors) Analytics Rules. Enable those that are applicable.

To do this, dig into the Data Connector properties and identify any Analytics Rules that haven’t been enabled. As shown in the image, those that are enabled will show an “In Use” indicator. Those that need to be reassessed to enable.

(click on each image for a larger view)

When new Analytics Rules are enabled, it’s a good time to review your Playbooks and potentially assign automation to a newly enabled Analytics Rule. Remember, that applying automation needs to be methodical, well thought through, and logical. You’d hate to lock your CEO out their user account for doing something out of the ordinary but still valid.

When new Analytics Rules are found and enabled, make sure to take a careful approach and adjust scheduling and thresholds for what makes the best sense for your environment.

Additionally, based on the new Analytics Rules, you may need to either create new Playbooks or adjust any existing ones to provide appropriate automation.

Again, for customers that want deeper dives for Azure Sentinel, either sift through our docs platform or contact your TAM and ask about our Azure Sentinel workshop/POC.

Reference: https://azurecloudai.blog/2020/05/18/azure-sentinel-daily-task-analytics-rules/

Azure Sentinel News Editor

Azure Sentinel News Editor

Related Posts

What’s new: Microsoft Teams connector in Public Preview
IR

How to Generate Azure Sentinel Incidents for Testing

February 26, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021
IR

The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting

February 22, 2021
With new release, CrowdStrike targets Google Cloud, Azure and container adopters
IR

Understanding the Little Blue Permissions Locks in Azure Sentinel Data Connectors

February 8, 2021
Next Post
Microsoft goes direct with WA govt with new Whole of Govt agreement

Multi-workspace View for Azure Sentinel Now in Public Preview

Enriching Windows Security Events with Parameterized Function

Tools and Resources to Practice Your Azure Sentinel KQL-fu

With new release, CrowdStrike targets Google Cloud, Azure and container adopters

Exporting Events from Disconnected Systems to Ingest into Azure Sentinel

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Follow Us

  • 21.8M Fans
  • 81 Followers

Recommended

Microsoft bolsters threat prevention capabilities for enterprises

The Cloud Collective deploys Microsoft 365 for NRMA Insurance

3 months ago
Azure Stack and Azure Arc for data services from Blog Posts – SQLServerCentral

How to Protect Office 365 with Azure Sentinel

2 months ago
Microsoft is quietly becoming a cybersecurity powerhouse

Windows Server Netlogon Exploit Code Publicly Exposed, CISA Warns

3 months ago
WA strikes govt-wide cloud deal with Microsoft

Satya Nadella’s 5 Biggest Statements At Microsoft Ignite 2020

3 months ago

Instagram

    Please install/update and activate JNews Instagram plugin.

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

Topics

anomaly automation Azure Azure DevOps Azure Security Center Azure Sentinel Azure Sentinel API Azure Sentinel Connector BlueVoyant Call cybersecurity Detection file GitHub Hunting Huntingy IAC incident response Incident Triage infrastructure as code Investigation jupyter LAQueryLogs MDR Microsoft microsoft 365 mssp Multitenancy Notebooks Pester Playbooks PowerShell python Records Security Sentinel Sharing SIEM signin Supply Chain teams Threat hunting Watchlists Workbooks XDR
No Result
View All Result

Highlights

The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting

New Items of Note on the Azure Sentinel GitHub Repo

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

New Search Capability for Azure Sentinel Incidents

Follow-up: Microsoft Tech Talks Practical Sentinel : A Day in the Life of a Sentinel Analyst

Changes in How Running Hunting Queries Works in Azure Sentinel

Trending

What’s new: Microsoft Teams connector in Public Preview
AI & ML

Azure Sentinel Weekly Newsletter

by Azure Sentinel News Editor
March 1, 2021
0

I’ve sensed this for a while now, but a few days ago it really hit me —...

What’s new: Microsoft Teams connector in Public Preview

How to Generate Azure Sentinel Incidents for Testing

February 26, 2021
What’s new: Microsoft Teams connector in Public Preview

Azure Sentinel Notebooks Loses It’s Preview Tag

February 25, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting

February 22, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

New Items of Note on the Azure Sentinel GitHub Repo

February 18, 2021

We bring you the best, latest and perfect Azure Sentinel News, Magazine, Personal Blogs, etc. Visit our landing page to see all features & demos.
LEARN MORE »

Recent News

  • Azure Sentinel Weekly Newsletter March 1, 2021
  • How to Generate Azure Sentinel Incidents for Testing February 26, 2021
  • Azure Sentinel Notebooks Loses It’s Preview Tag February 25, 2021

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

[mc4wp_form]

Copyright © 2020 - Azure Sentinel News

No Result
View All Result
  • Home
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence

Copyright © 2020 Azure Sentinel News