Azure Sentinel FUSION: machine learning for a SecOps world

“Unlock the power of AI for security professionals by leveraging MS cutting edge research and best practices in ML, regardless of your current investment level in ML.”

az resource update — ids /subscriptions/{Subscription Guid}/resourceGroups/{Log analytics resource Group Name}/providers/Microsoft.OperationalInsights/workspaces/{Log analytics workspace Name}/providers/Microsoft.SecurityInsights/settings/Fusion — api-version 2019–01–01-preview — set properties.IsEnabled=true — subscription “{Subscription Guid}”
“Microsoft has three identity-centric security products offering detection capabilities across on-premise and in the cloud:* Azure Advanced Threat Protection (Azure ATP) identifies on-premises attacks* Azure Active Directory Identity Protection (Azure AD Identity Protection) detects and proactively prevents user and sign-in risks to identities in the cloud* Microsoft Cloud App Security (MCAS) identifies attacks within a cloud session, covering not only Microsoft products but also third-party applicationsWe are happy to announce that we have brought these together in a unified SecOps experience, which focuses on identity-based alerts and activities for true hybrid identity threat protection.”
1) Why are alerts noisy?2) How do experienced security analysts deal with this?3) How can we incorporate domain knowledge into the system?

“Connect Azure Advanced Threat Protection to Azure Sentinel: if your tenant is running the Azure ATP preview in Microsoft Cloud App Security, connect here to stream your Azure ATP alerts into Azure Sentinel.”

Azure AD identity protection· The user account signs in to an unusual location.
Cloud App Security
· The user’s mailbox gets a suspicious inbox forwarding rule.

--

--

--

Microsoft MVP and Microsoft Regional Director.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

GoByte Core v0.16 - now released!!

Getting Started with Ansible as a Fullstack Developer

How to find your first work/internship as a front-end developer

Align the project team on metrics: How .?

Investing in Tech Debt: Choose Wisely

Using Adapter pattern to solve REST API Versioning issues

Build your app using Ruby on Rails

ASP.Net Core Complex Model Binding

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Maarten Goet

Maarten Goet

Microsoft MVP and Microsoft Regional Director.

More from Medium

How to enhance Azure Security knowledge and Pass Azure Security Engineer Exam(AZ-500)

Introduction To Azure Pentesting.

Exploring Azure Resource Graph with Kusto

Getting Started with AKS