Exercise 4: Create Detections
At Humongous IT, with Microsoft Sentinel now connected to its data sources, the Security Operations team will write Log Analytics KQL queries and turn them into custom analytics rules. Those rules are how the SOC identifies threats and unusual behavior, alerts on significant event conditions, generates incidents for investigation, and drives automated remediation.
An analytics rule wraps a KQL query in a schedule and a set of conditions: Sentinel runs the query on an interval over a defined lookback period, raises an alert when the query returns results (or when a result count crosses a threshold you set), groups those alerts into incidents for the SOC to triage and investigate, and can hand each incident to automation for tracking and response.
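The following KQL is an added example of the kind of threshold query a scheduled analytics rule runs; it is not part of the original lab or any Microsoft sample. The sign-in rows, the contoso.com accounts, the IP addresses and the timestamps are constructed for the illustration, and the threshold and window values are assumed tuning choices. In a real rule you would replace the `SampleSignins` table with `SigninLogs` and let the rule's lookback setting bound `TimeGenerated`.

```kusto
// Added example: threshold-based detection of repeated failed sign-ins per account,
// with an escalated severity when a success lands in the same window.
// SampleSignins is a constructed stand-in for the SigninLogs table.
let FailureThreshold = 5;   // assumed tuning value: failures per window that trigger an alert
let WindowSize = 10m;       // assumed aggregation window
let SampleSignins = datatable(
    TimeGenerated: datetime,
    UserPrincipalName: string,
    IPAddress: string,
    ResultType: string,
    AppDisplayName: string)
[
    datetime(2024-03-01T08:00:00Z), "alice@contoso.com", "203.0.113.10", "50126", "Office 365",
    datetime(2024-03-01T08:00:30Z), "alice@contoso.com", "203.0.113.10", "50126", "Office 365",
    datetime(2024-03-01T08:01:00Z), "alice@contoso.com", "203.0.113.10", "50126", "Office 365",
    datetime(2024-03-01T08:01:30Z), "alice@contoso.com", "203.0.113.10", "50126", "Office 365",
    datetime(2024-03-01T08:02:00Z), "alice@contoso.com", "203.0.113.10", "50126", "Office 365",
    datetime(2024-03-01T08:02:30Z), "alice@contoso.com", "203.0.113.10", "0",     "Office 365",
    datetime(2024-03-01T08:05:00Z), "bob@contoso.com",   "198.51.100.7", "50126", "Azure Portal",
    datetime(2024-03-01T08:06:00Z), "bob@contoso.com",   "198.51.100.7", "0",     "Azure Portal"
];
// ResultType "0" is a successful sign-in; any other value is a failure.
SampleSignins
| summarize
    FailedCount      = countif(ResultType != "0"),
    SuccessInWindow  = countif(ResultType == "0"),
    SourceIPs        = make_set(IPAddress),
    FirstSeen        = min(TimeGenerated),
    LastSeen         = max(TimeGenerated)
    by UserPrincipalName, WindowStart = bin(TimeGenerated, WindowSize)
// Only accounts that crossed the failure threshold inside one window become results.
| where FailedCount >= FailureThreshold
// A success after a burst of failures is the more urgent pattern, so rank it higher.
| extend Severity = iff(SuccessInWindow > 0, "High", "Medium")
| project UserPrincipalName, WindowStart, FailedCount, SuccessInWindow, SourceIPs, FirstSeen, LastSeen, Severity
| order by Severity asc, FailedCount desc
```

Against the constructed rows, only alice@contoso.com is returned: five failures and one success in the 08:00 window, so the row carries Severity "High"; bob@contoso.com has a single failure and is filtered out. When this query is saved as a scheduled rule, map UserPrincipalName to the Account entity and IPAddress to the IP entity so the resulting incident carries the entities the SOC will pivot on; because make_set returns a dynamic array, either map a single IP column (for example arg_max on the last failure) or expand the set before mapping.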
An interactive lab simulation is available that allows you to click through this lab scenario at your own pace. You may find slight differences between the interactive simulation and the hosted lab, but the core concepts and ideas being demonstrated are the same.