From the course: Implementing and Administering Microsoft Sentinel
Threat hunting basics
- [Instructor] So you or your security team almost certainly want to get ahead of potential threats, which means you want to proactively investigate some of the anomalous activities that come up across the various services in your environment. And that's where proactive threat hunting comes into play. And Microsoft Sentinel includes a number of built-in hunting queries intended to guide you into asking the right questions, to filter the noise, to get to potential issues in the massive collection of data you've captured in that Log Analytics backend. They're hunting queries rather than queries to drive alerts because they help investigate anomalous activities, but they don't always indicate a threat. And they typically require human inspection. A good example is the uncommon processes query, which provides data about the least common processes running in your infrastructure. You wouldn't want an alert each time that query is run because those processes might be entirely innocent, but…
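The kind of "least common processes" hunt the instructor describes, written as an added KQL example for the Sentinel Logs blade (this is an illustrative query, not the built-in Sentinel hunting query itself; it assumes Windows process-creation events, EventID 4688, are arriving in the SecurityEvent table, and the 7-day window and count threshold are constructed values a hunter would tune):

```kql
// Added illustrative hunt: surface the rarest process images seen across the estate.
// Assumes SecurityEvent is populated with Windows 4688 (process creation) events.
let lookback = 7d;            // constructed: hunting window
let rareThreshold = 5;        // constructed: "uncommon" means fewer than this many launches
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID == 4688
| extend Process = tolower(NewProcessName)
| summarize
    Launches = count(),
    Hosts = dcount(Computer),
    Accounts = dcount(Account),
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated),
    SampleHost = any(Computer)
    by Process
| where Launches < rareThreshold
// Rare AND confined to a single host is the row a human should look at first;
// rare but spread across many hosts is more often a patch or install job.
| extend ReviewPriority = iff(Hosts == 1, "high", "low")
| order by ReviewPriority asc, Launches asc
| project Process, Launches, Hosts, Accounts, FirstSeen, LastSeen, SampleHost, ReviewPriority
```

Because the results are a list of things to inspect rather than verdicts, this belongs under Hunting rather than as an analytics rule; bookmark the rows worth following up and let the rest fall away on the next run.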