Manage Microsoft Sentinel Analytics Rules Slides
Analytics Rules
Michael J. Teske
Principal Author Evangelist-Pluralsight
Manage Microsoft Sentinel Analytics Rules
Respond to threats
Generates incidents to be triaged, with automatic tracking and remediation
Design and Configure Analytics Rules
Event Grouping
- Group all events into a single alert
- Trigger an alert for each event (one alert per query result row)
Suppression
- Set "Stop running query after alert is generated" to On
Automated Responses
Activate Microsoft Security analytics rules
Ingestion delay
- Runs scheduled rules on a 5-minute delay from the scheduled time, to minimize the effect of ingestion delay
Alert threshold
- Set to zero ("greater than 0 results") if you want every returned event to raise an alert
Query Scheduling
Define Incident Creation Logic
Allows you to choose how Sentinel turns alerts into actionable incidents
Incident Logic Options
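The settings above (query scheduling, alert threshold, event grouping, suppression and incident creation logic) map directly onto properties of a Scheduled analytics rule when it is deployed as code. The following Bicep template is an added example, not part of the course slides; it assumes a Sentinel-enabled Log Analytics workspace passed in as `workspaceName`, and the KQL query, threshold of 15 accounts and timing values are constructed for illustration.

```bicep
// Added example (not from the course): a Scheduled analytics rule as code.
// Assumes an existing Sentinel-enabled workspace; query and thresholds are illustrative.
param workspaceName string
param ruleName string = 'Password spray from a single IP'

resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}

resource rule 'Microsoft.SecurityInsights/alertRules@2023-02-01' = {
  scope: workspace
  name: guid(workspace.id, ruleName)   // rule ID must be a GUID; guid() keeps it stable across redeploys
  kind: 'Scheduled'
  properties: {
    displayName: ruleName
    description: 'One IP failing sign-in for many distinct accounts within the lookback window.'
    enabled: true
    severity: 'Medium'
    tactics: [
      'CredentialAccess'
    ]

    // Query scheduling: run hourly and look back one hour. Sentinel runs the
    // query about five minutes after the scheduled time to absorb ingestion
    // delay; keep queryPeriod >= queryFrequency so consecutive runs leave no gap.
    queryFrequency: 'PT1H'
    queryPeriod: 'PT1H'

    // Constructed KQL. The rule engine applies the queryPeriod window itself,
    // so no ago() filter is needed.
    query: '''
SigninLogs
| where ResultType != "0"
| summarize Failures = count(), Accounts = dcount(UserPrincipalName) by IPAddress
| where Accounts >= 15
'''

    // Alert threshold: "greater than 0" means every returned row is an event.
    triggerOperator: 'GreaterThan'
    triggerThreshold: 0

    // Event grouping: one alert per result row (per source IP) rather than a
    // single alert rolling up every row.
    eventGroupingSettings: {
      aggregationKind: 'AlertPerResult'
    }

    // Suppression: stop running the query for 5 hours after an alert fires.
    suppressionEnabled: true
    suppressionDuration: 'PT5H'

    // Incident creation logic: create incidents, and group alerts whose mapped
    // entities all match (here the IP) within 5 hours into a single incident.
    incidentConfiguration: {
      createIncident: true
      groupingConfiguration: {
        enabled: true
        reopenClosedIncident: false
        lookbackDuration: 'PT5H'
        matchingMethod: 'AllEntities'
      }
    }

    // Entity mapping feeds both the grouping above and the investigation graph.
    // Only the IP is mapped, so "AllEntities" grouping is keyed on the source IP.
    entityMappings: [
      {
        entityType: 'IP'
        fieldMappings: [
          {
            identifier: 'Address'
            columnName: 'IPAddress'
          }
        ]
      }
    ]
  }
}
```

Deploy with `az deployment group create -g <resource-group> -f rule.bicep -p workspaceName=<workspace>`. Two caveats a practitioner should weigh: suppression silences the whole rule for the suppression window, not just the IP that fired, so a second attacker in that window goes undetected; and alert-per-result grouping combined with a threshold of 0 can produce many alerts, which is why the incident grouping is set to fold repeats from the same IP into one incident.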