Introduction to Microsoft Sentinel Watch Lists
Author: Jeroen Niesen
Uploaded: 2021-04-26
Views: 3410
Description:
Often we see scheduled detections in Microsoft Sentinel (previously known as Azure Sentinel) that contain "lists" of users, computers or other resources. Items in these lists help us detect cyber security threats. Most of the time these lists are used to exclude some users/resources from the detection, or to include them. In Sentinel, watch lists can be combined with KQL in detection queries to detect cyber security threats. When a list changes, the detections that reference it no longer need to be updated one by one.
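As an added illustration of the point above (not a query from the video), the same sign-in detection is shown twice: first with the exclusion list hard-coded in the rule, then reading it from a Sentinel watchlist at query time. Assumed: a watchlist with the alias `ServiceAccounts` whose `SearchKey` column holds user principal names, and the standard `SigninLogs` table.

```kql
// BEFORE: the exclusion list is embedded in the rule. Every change to the
// list means editing and re-reviewing each rule that carries a copy of it,
// and copies drift apart over time.
let ExcludedUsers = dynamic(["svc-backup@contoso.com", "svc-scan@contoso.com"]); // constructed sample values
SigninLogs
| where ResultType == "0"                         // successful sign-ins only
| where UserPrincipalName !in~ (ExcludedUsers)    // case-insensitive exclusion
| where RiskLevelDuringSignIn in ("medium", "high")
| summarize SignIns = count() by UserPrincipalName, IPAddress, bin(TimeGenerated, 1h)

// AFTER: the rule resolves the list from the watchlist when it runs.
// Analysts maintain the watchlist in the portal or by CSV upload (Demo 2),
// and no analytics rule has to be touched. The same pattern with `in~`
// instead of `!in~` turns the watchlist into an include list (e.g. VIP accounts).
let ExcludedUsers = _GetWatchlist('ServiceAccounts')   // assumed watchlist alias
    | project SearchKey;                              // single-column table for in()/!in()
SigninLogs
| where ResultType == "0"
| where UserPrincipalName !in~ (ExcludedUsers)
| where RiskLevelDuringSignIn in ("medium", "high")
| summarize SignIns = count() by UserPrincipalName, IPAddress, bin(TimeGenerated, 1h)
```

Keep the watchlist's `SearchKey` set to the column the rule matches on, since that is what `_GetWatchlist` exposes for joins and membership checks.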
▼ In this video:
0:00 - Introduction
2:09 - Coffee
3:24 - Demo 1 - Update KQL detection to work with watchlists
10:56 - Demo 2 - Update Watch List with new data
12:39 - Outro
▼ Social Jeroen Niesen
Twitter: / jeroenniesen
▼ Social AzureVlog
Twitter: / azurevlog