Azure/Microsoft Sentinel disable AI

Vos, Marten 20 Reputation points
2023-03-29T15:19:27.0733333+00:00

Hi,

is it possible to disable the integrated AI in MS Sentinel?

Azure OpenAI Service
Azure OpenAI Service
An Azure service that provides access to OpenAI’s GPT-3 models with enterprise capabilities.
2,218 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
990 questions
Azure AI services
Azure AI services
A group of Azure services, SDKs, and APIs designed to make apps more intelligent, engaging, and discoverable.
2,415 questions
0 comments
Accepted answer
  1. Andrew Blumhardt 9,576 Reputation points Microsoft Employee
    2023-03-29T15:25:19.72+00:00

    No, not really. You can choose not to use UEBA and disable the fusion rule. These are the two primary advanced analysis activities. Customers may also use machine learning in a Notebook. There is no specific option to disable all advanced analysis activities. Though without these capabilities you Sentinel instance will lack some of the core functionality.

    I think the term AI is a bit of a stretch for Sentinel. Nothing like ChatGPT. More like correlation and anomaly detection (machine learning). Tracing tends to detect unusual deviations from a historic baseline.

    2 people found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sedat SALMAN 13,170 Reputation points
    2023-03-29T15:24:08.69+00:00

    While it is not possible to disable the integrated AI in Microsoft Sentinel, it is possible to configure its behavior to suit your specific needs. Microsoft Sentinel provides several options for configuring the AI behavior, including adjusting the sensitivity levels and setting up custom rules.

    0 comments