How to Locate and Enable the Analytics Rules After Installing the Maturity Model for Event Log Management for Microsoft Sentinel

We’ve recently released an excellent and much anticipated Solution for further monitoring Microsoft Sentinel health. The Solution can be found in the Content Hub and installation is easy.

See the announcement for detailed information: Modernize Log Management with the Maturity Model for Event Log Management (M-21-31) Solution

With all the cool content included with this Solution, you probably want to take advantage of it right away – particularly the Analytics Rules – so you can be notified of important environment health concerns. The Analytics Rules need to be enabled but finding them needs a bit of clarity.

In the Analytics Rules blade, search the Active Rules for (Preview)M2131. This will expose all the new rules. You can either choose to enable only the ones you deem worthy or enable all of them by multi-selecting and choosing the Enable button.

Finding Nemo

Incidentally, the Hunting Rules supplied with the Solution can be located in the Hunting blade by using just M2131 as the filter term.

Finding Dory

For the Playbooks, you’ll need to search by each name and the Workbook is enabled by default and is named: MaturityModelForEventLogManagementM2131


[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Microsoft Sentinel Newsletter]

[Subscribe to the Bi-Weekly Defender for Cloud Newsletter]

[Learn KQL with the Must Learn KQL series and book]