Ana içeriğe atla

Liza Mash Levin tarafından yazılan gönderiler

Machine Learning powered detections with Kusto query language in Azure Sentinel

16 Nisan 2019 Salı

As cyberattacks become more complex and harder to detect. The traditional correlation rules of a SIEM are not enough, they are lacking the full context of the attack and can only detect attacks that were seen before. This can result in false negatives and gaps in the environment. In addition, correlation rules require significant maintenance and customization since they may provide different results based on the customer environment.

Senior Program Manager Lead, Azure Sentinel team