GitBit
BlogFirst lesson
Sign Up

Question 1

Your organization has a Microsoft Sentinel workspace that has a connector configured to Azure AD and Microsoft Office 365.

You need to configure a Fusion rule template to detect multistage attacks where users sign in by using compromised credentials. Then they delete multiple files from Microsoft OneDrive.

What do you need to do after you create an active rule that has the default settings?