Microsoft Sentinel Flashcards
Microsoft Sentinel
Microsoft Sentinel is a scalable, cloud-native solution that provides both security information and event management (SIEM) and security orchestration, automation, and response (SOAR).
What is Hunting in Microsoft Sentinel?
The hunting dashboard enables you to run all your queries, or a selected subset, in a single selection. In the Microsoft Sentinel portal, select Hunting. The table shown lists all the queries written by Microsoft’s team of security analysts and any extra query you created or modified.
What is Livestream in Hunting?
Use hunting livestream to create interactive sessions that let you test newly created queries as events occur, get notifications from the sessions when a match is found, and launch investigations if necessary.
What are bookmarks in hunting?
Hunting bookmarks in Microsoft Sentinel preserve the queries you ran in Microsoft Sentinel - Logs, along with the query results that you deem relevant. You can also record your contextual observations and reference your findings by adding notes and tags.
What are search jobs in Microsoft Sentinel?
In Microsoft Sentinel, you can search across long time periods in large datasets by using a search job.
What is Workspace in Microsoft Sentinel?
When you onboard Microsoft Sentinel, your first step is to select your Log Analytics workspace. While you can get the full benefit of the Microsoft Sentinel experience with a single workspace, in some cases, you might want to extend your workspace to query and analyze your data across workspaces and tenants. Learn more about
What is User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel?
As Microsoft Sentinel collects logs and alerts from all of its connected data sources, it analyzes them and builds baseline behavioral profiles of your organization’s entities (such as users, hosts, IP addresses, and applications) across time and peer group horizon. Using a variety of techniques and machine learning capabilities, Microsoft Sentinel can then identify anomalous activity and help you determine if an asset has been compromised.