Liza Mash Levin bejegyzései

Machine Learning powered detections with Kusto query language in Azure Sentinel

2019. április 16., kedd

As cyberattacks become more complex and harder to detect. The traditional correlation rules of a SIEM are not enough, they are lacking the full context of the attack and can only detect attacks that were seen before. This can result in false negatives and gaps in the environment. In addition, correlation rules require significant maintenance and customization since they may provide different results based on the customer environment.

Senior Program Manager Lead, Azure Sentinel team