What is the benefit of using Azure Sentinel’s hunting and searching tools when I already use Azure Security alerts?

Saurabh Sharma, Microsoft Employee
2020-05-06T20:43:39.98+00:00

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question]


Accepted answer
Marilee Turscak-MSFT, Microsoft Employee
2020-05-06T21:49:12.517+00:00

Azure Sentinel's powerful hunting search-and-query tools, based on the MITRE framework, enable you to proactively hunt for security threats across your organization’s data sources, before an alert is triggered. After you discover which hunting query provides high-value insights into possible attacks, you can also create custom detection rules based on your query, and surface those insights as alerts to your security incident responders. While hunting, you can create bookmarks for interesting events, enabling you to return to them later, share them with others, and group them with other correlating events to create a compelling incident for investigation.

Source: Azure Sentinel
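As an added illustration of the path the answer describes, from a MITRE-tagged hunting query to a custom detection rule (this is example code, not part of the original answer or of Microsoft's documentation): a KQL hunting query over the Azure AD sign-in table that surfaces accounts with many failed sign-ins from many source addresses, the kind of result an analyst would bookmark while hunting and later promote to a scheduled analytics rule. The `SigninLogs` table and its `ResultType`, `UserPrincipalName` and `IPAddress` columns are the real schema; the lookback, thresholds and rule settings are assumed values for illustration.

```kql
// Hunting query: one account failing sign-in repeatedly from several IPs
// inside a short window. Run ad hoc from Sentinel's Hunting blade first;
// bookmark the rows worth keeping, then schedule it once it proves useful.
// MITRE ATT&CK tactic: CredentialAccess (T1110, Brute Force).
// In SigninLogs, ResultType "0" is a successful sign-in; any other value
// is a failure, so the filter below keeps only the failures.
let lookback = 1h;                 // assumed window for illustration
let minFailures = 20;              // assumed threshold for illustration
let minDistinctIPs = 5;            // assumed threshold for illustration
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType != "0"
| summarize
    FailedCount = count(),
    DistinctIPs = dcount(IPAddress),
    SampleIPs   = make_set(IPAddress, 10),
    FirstSeen   = min(TimeGenerated),
    LastSeen    = max(TimeGenerated)
    by UserPrincipalName
| where FailedCount >= minFailures and DistinctIPs >= minDistinctIPs
| project UserPrincipalName, FailedCount, DistinctIPs, SampleIPs,
          FirstSeen, LastSeen
// Promoting this to a custom detection rule (assumed settings, chosen to
// match the 1h lookback above):
//   rule type        : Scheduled
//   query frequency  : 1h        (how often the rule runs)
//   query period     : 1h        (how much data each run inspects)
//   trigger          : results count greater than 0
//   entity mapping   : Account -> UserPrincipalName, IP -> SampleIPs
//   tactic           : CredentialAccess
// Each run that returns rows then creates an alert for the responders
// instead of waiting for someone to re-run the hunt by hand.
```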
