Chapter 10: Configuring and Using Entity Behavior
In the previous chapters, you learned how to investigate an incident and gather more information about it, both with KQL queries and with a graphical investigation. You also learned how to find alerts and incidents related to the one you are investigating and how the entities involved are related.
In this chapter, you will learn about another way to obtain more information about your incident by using Entity behavior.
We will cover the following topics in this chapter:
- Introduction to Azure Entity behavior
- Enabling Entity behavior
- Overview of the Entity behavior page
- Overview of the Entity behavior details page
- Creating Entity ...
Get Microsoft Sentinel in Action - Second Edition now with the O’Reilly learning platform.