Join me as we walk through creating a custom Microsoft Sentinel Analytics Rule using KQL to identify suspicious login patterns based on failed attempts. We will explore the different components of these custom rules, what tuning looks like, and how to create incidents from the rules.
A summary of recent Azure news, covering updates released by Microsoft Azure on Azure, Architecture, Compute, and Sentinel topics. Save time digging around to find recent releases and changes. It’s a lighter bi-weekly post than usual, so go and enjoy your Saturday, everyone!
Join me for the final article in the mini-series on Enhancing Microsoft Sentinel. Today, we review ongoing optimizations and how to stay ahead of emerging threats.