Skip to content
Branch: master
Find file History
Latest commit ffb6eb6 Aug 21, 2019

readme.md

About

  • This folder contains Detections based on different types of data sources that you can leverage in order to create alerts and respond to threats in your environment.
  • These detections are written using KQL query langauge and will provide you a starting point to protect your environment and get familiar with the different data tables.
  • To create the detection in your environment -
    • go to the 'Analytics' section
    • copy the required query
    • update the alert rule parameters according to the detection parameters - copy the name, the description, lookback time, threshold and severity.
    • the query will be simulated and you will be able to immediately see if a you have hits based on the detection.
    • create the alert rule
  • The rule created will run the query on the scheduled time that was defined, and trigger an alert that will be seen both in the SecurityAlert table and in a case in the Cases page

For questions or feedback, please contact AzureSentinel@microsoft.com

You can’t perform that action at this time.