Lab 3: Create detections and perform investigations using Microsoft Sentinel
Exercise 1: Understand detection modeling
Following the successful migration of Splunk data into Microsoft Sentinel, Humongous IT moves forward in strengthening its defense mechanisms. Sydney Mattos, the Security Operations Analyst, is now tasked with understanding detection modeling. This crucial step in their security enhancement initiative focuses on analyzing simulated attacks and developing detection models. Her work aims to fortify Humongous IT’s threat identification capabilities, an essential upgrade in the company’s proactive defense strategy post-migration.
The following documents may help you understand detection modeling in Microsoft Sentinel.
- Work with anomaly detection analytics rules in Microsoft Sentinel
- Tutorial: Detect threats by using analytics rules in Microsoft Sentinel