Stay Ahead of the Game with Microsoft Sentinel's Analytics Rule Health Monitoring and Integrity Auditing.
Microsoft Sentinel's new Analytics Rule Health Monitoring & Integrity Auditing capabilities let organisations monitor whether their analytics rules are running as expected and audit every change made to those rules, improving the accuracy and efficiency of security operations.
Analytics Health Monitoring gives insight into whether each rule run succeeded or failed, and can be used while developing rules in both production and pre-production environments. Integrity Auditing provides a comprehensive view of rule changes, helping organisations detect unauthorised changes that may weaken their detection coverage.
This feature provides:
🔥Microsoft Sentinel analytics rule health logs:
✔️This log captures events that record each run of an analytics rule and the outcome of that run: whether it succeeded or failed and, if it failed, why.
✔️The log also records how many events the rule's query returned and whether that count passed the rule's threshold and caused an alert to fire.
✔️These logs are collected in the SentinelHealth table in Log Analytics.
🔥Microsoft Sentinel analytics rule audit logs:
✔️This log captures events that record changes made to any analytics rule, including which rule was changed, what the change was, the state of the rule settings before and after the change, the user or identity that made the change, the source IP address and date/time of the change, and more.
✔️These logs are collected in the SentinelAudit table in Log Analytics.
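As an added example (not from the original post or Microsoft's documentation), the following KQL query ties the two tables together: it lists analytics rules whose scheduled runs failed and, for each failure, the most recent audit-logged change to the same rule in the preceding 24 hours, with who made it and from where. Column names beyond those the post mentions (SentinelResourceType, SentinelResourceId, Status, Reason, OperationName, ExtendedProperties and the CallerName/CallerIpAddress keys inside it) and the Status value "Failure" are assumed from the tables' documented schema; check them against your workspace before relying on the query.

```kql
// Added example, not from the post. Assumes the documented SentinelHealth / SentinelAudit
// columns (SentinelResourceType, SentinelResourceId, Status, Reason, OperationName,
// ExtendedProperties) and the CallerName / CallerIpAddress keys inside ExtendedProperties.
let lookback = 7d;
// 1. Analytics rules whose runs failed, with the failure reason recorded by health monitoring.
let failedRuns =
    SentinelHealth
    | where TimeGenerated > ago(lookback)
    | where SentinelResourceType == "Analytics Rule"
    | where Status == "Failure"
    | project FailedAt = TimeGenerated, SentinelResourceId, RuleName = SentinelResourceName, Reason;
// 2. Changes to analytics rules recorded by integrity auditing, with the caller and source IP.
let ruleChanges =
    SentinelAudit
    | where TimeGenerated > ago(lookback)
    | where SentinelResourceType == "Analytics Rule"
    | extend Caller = tostring(ExtendedProperties.CallerName),
             CallerIp = tostring(ExtendedProperties.CallerIpAddress)
    | project ChangedAt = TimeGenerated, SentinelResourceId, OperationName, Caller, CallerIp;
// 3. Correlate: for each failure, keep the latest change to the same rule in the 24 hours before it.
//    A rule that starts failing right after an edit is the first thing an integrity review should look at.
failedRuns
| join kind=inner ruleChanges on SentinelResourceId
| where ChangedAt between ((FailedAt - 24h) .. FailedAt)
| summarize arg_max(ChangedAt, OperationName, Caller, CallerIp)
    by RuleName, SentinelResourceId, FailedAt, Reason
| project FailedAt, RuleName, Reason, ChangedAt, OperationName, Caller, CallerIp
| order by FailedAt desc
```

Drop the join and the time window to get a plain list of failed runs or of all rule changes; either query on its own is also a reasonable basis for a scheduled alert on the health and audit tables themselves.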
Want to learn how to enable this amazing feature? 💡