Shannon Entropy evaluation for domains?

Sam Holmes 5 Reputation points
2024-06-20T08:10:55.9133333+00:00

Hi,

I've found the entropy calculation for processes running on a device, and I've noticed previously posted questions from a few years ago similar to what I'm asking, but couldn't find a definitive answer.

Just wondering if there is a way of calculating the Shannon entropy of a domain name to use for detections? Or is the functionality not in Sentinel at all? I know it is in Splunk.

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 36,886 Reputation points Microsoft Employee
    2024-06-21T21:45:10.7766667+00:00

    Hi @Holmes, Sam,

    I reached out to a colleague on the Sentinel team to see if this is available, but as far as I am aware there is nothing out-of-the-box for it. We have one example from our expert for process name entropy here: https://techcommunity.microsoft.com/t5/azure-sentinel/identifying-threat-hunting-opportunities-in-your-data/ba-p/915721

    I'll update this post if my Sentinel colleague is able to provide additional resources.

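Since there is no built-in entropy function for domain names, the following added Python example (not from the original post, Microsoft, or the linked article) shows the calculation the question asks about, applied to the registrable label rather than the whole FQDN so that suffix and subdomain depth do not skew the score; it can run as an enrichment step before the data reaches Sentinel. `PUBLIC_SUFFIXES` is a simplified stand-in for the Public Suffix List and the sample domains are constructed.

```python
"""Shannon entropy of domain-name labels, for DGA-style detection enrichment."""
import math
from collections import Counter

# Simplified stand-in for the Public Suffix List (assumption: a real
# deployment would load the full list). Multi-label suffixes come first
# so "co.uk" is matched before "uk".
PUBLIC_SUFFIXES = ("co.uk", "com.au", "com", "net", "org", "uk", "au", "io")


def shannon_entropy(text: str) -> float:
    """Bits per character: -sum(p * log2 p) over character frequencies."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(fqdn: str) -> str:
    """Return the label just left of the public suffix, e.g. 'contoso'
    for 'www.contoso.co.uk'. Scoring the full FQDN would mix in the
    suffix and any subdomains, which inflates entropy for benign names."""
    host = fqdn.lower().rstrip(".")
    for suffix in PUBLIC_SUFFIXES:
        if host.endswith("." + suffix):
            host = host[: -len(suffix) - 1]
            break
    return host.rsplit(".", 1)[-1]


def score_domain(fqdn: str) -> dict:
    """Entropy of the registrable label plus a length-normalised variant.
    Raw entropy grows with label length even for dictionary words, so the
    normalised value (entropy / log2(len)) is the fairer threshold input."""
    label = registrable_label(fqdn)
    h = shannon_entropy(label)
    norm = h / math.log2(len(label)) if len(label) > 1 else 0.0
    return {"fqdn": fqdn, "label": label, "length": len(label),
            "entropy": round(h, 4), "normalized": round(norm, 4)}


if __name__ == "__main__":
    # Constructed sample domains (not real indicators).
    for d in ("www.microsoft.com", "mail.contoso.co.uk", "xk3jq9vz7wplm2.com"):
        print(score_domain(d))
```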
