Thanks to a huge collaborative effort, there’s now some additional value in the Microsoft Security Operations Guide – specifically for Microsoft Sentinel customers.
You can locate the full Security Operations Guide at the following link: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-introduction
Inside the guide, each operations section includes a Things to Monitor table. This table provides guidance on what is important to monitor in that area for security purposes.
In most of the tables there are now links to Microsoft Sentinel Analytics Rules templates so you can easily deploy them to automatically monitor for those critical components. Keep watch as more enhancements are coming.