Question 5 of 9

Your organization has a Microsoft Sentinel workspace that has a connector configured to Azure AD and Microsoft Office 365.

You need to configure a Fusion rule template to detect multistage attacks where users sign in by using compromised credentials. Then they delete multiple files from Microsoft OneDrive.

What do you need to do after you create an active rule that has the default settings?

https://www.gitbit.org/course/ms-500/learn/Collect-detect-investigate-and-respond-to-security-threats-using-Microsoft-Sentinel-LEyZMWBSt

https://docs.microsoft.com/en-gb/azure/azure-monitor/platform/workbooks-overview

Workbooks are a way to view the alerts so it would make sense to create one after activating a rule template.