Skip to main content

Posts by: Liza Mash Levin

Machine Learning powered detections with Kusto query language in Azure Sentinel

Tuesday, 16 April 2019

As cyberattacks become more complex and harder to detect. The traditional correlation rules of a SIEM are not enough, they are lacking the full context of the attack and can only detect attacks that were seen before. This can result in false negatives and gaps in the environment. In addition, correlation rules require significant maintenance and customization since they may provide different results based on the customer environment.

Senior Program Manager Lead, Azure Sentinel team