Microsoft Sentinel Incident Investigation and Incident Management
- Published 5 Sep 2024
- After you have connected your data sources to Microsoft Sentinel, you want to be notified when something suspicious happens. To enable this, Microsoft Sentinel lets you create advanced analytics rules that generate incidents, which you can then assign and investigate.
Investigate incidents
Use the investigation graph
An incident can include multiple alerts. It is an aggregation of all the relevant evidence for a specific investigation. An incident is created based on the analytics rules that you created on the Analytics page. The properties related to the alerts, such as severity and status, are set at the incident level. After you tell Microsoft Sentinel what kinds of threats you are looking for and how to find them, you can monitor detected threats by investigating incidents.
Very understandable video so far
Thanks!
I really appreciate your work, bro. I could not thank you enough for your video. You really make it very simple and easy to understand.
I just want to wish you all success and achievements.
Keep up the good work!!
Thanks☺
You are most welcome
How do you block, sandbox, or isolate devices or networks?
thank you
You're welcome
Awesome video
Thanks bro
Glad you liked it
Superb 👌👌👌
Thanks 🤗
Awesome
How do you identify whether an incident is a "true positive or false positive", and can you explain one true positive incident case? It will be helpful.
Basically, if it is related to some malicious activities or there are some malicious entities like IP, URL, DNS, etc., you can treat that as a true positive.
A false positive is something which has inaccurate or incomplete data.
Amazing
Thank you! Cheers!
Hi, how do we reach you?
Please email me at "whiteeyesec@gmail.com". Thank You.
not great