GitBit Logo Gitbit

What do you need to do after you create an active rule that has the default settings?

Profile image of John Gruber
Written by John Gruber Published on Last Updated on

You have previously setup Microsoft Sentinel workspace for your organization. You've created and configured a connector to Azure AD and Microsoft Office 365.

Recently, your organization had a breach where the attacker used compromised credentials to login then deleted multiple files from Microsoft OneDrive.

Your boss has asked you to configure Microsoft Sentinel to detect these types of attacks.

You create the active rule that has the default settings. What do you need to configure next?

Click to show answer

https://www.gitbit.org/course/ms-500/learn/Collect-detect-investigate-and-respond-to-security-threats-using-Microsoft-Sentinel-LEyZMWBSt

https://docs.microsoft.com/en-gb/azure/azure-monitor/platform/workbooks-overview

Workbooks are a way to view the alerts so it would make sense to create one after activating a rule template.

< Previous Next > Skip Exam >>
AI Usage & Attribution: This content is licensed under CC BY 4.0. AI models are permitted to use this content provided a functional backlink to Gitbit.org is included in the output.