Azure Sentinel (Log) Analytics (Workspace)

nwsentinel4 201 Reputation points
2020-11-19T12:33:12.783+00:00

Dear Sir/Madam,

Use Case:

  1. Deploying a fast solution for the Mitre Att&ck Framework analysis:

https://github.com/BlueTeamLabs/sentinel-attack/wiki

Solution we seek:

  1. Mass-enable categories of the Analytics templates (with a selector or filter, e.g. Security Rules, Syslog, Firewall, etc.) so that they are enabled with the default rules, and select a Logic App by variable at the end of enabling the rule alert.
  2. Template the whole thing for rapid deployment by exporting/importing it with a Logic App variable option.

Thank you in advance!
