We’ve recently released an excellent and much anticipated Solution for further monitoring Microsoft Sentinel health. The Solution can be found in the Content Hub and installation is easy.
See the announcement for detailed information: Modernize Log Management with the Maturity Model for Event Log Management (M-21-31) Solution
With all the cool content included with this Solution, you probably want to take advantage of it right away – particularly the Analytics Rules – so you can be notified of important environment health concerns. The Analytics Rules need to be enabled but finding them needs a bit of clarity.
In the Analytics Rules blade, search the Active Rules for (Preview)M2131. This will expose all the new rules. You can either choose to enable only the ones you deem worthy or enable all of them by multi-selecting and choosing the Enable button.
Incidentally, the Hunting Rules supplied with the Solution can be located in the Hunting blade by using just M2131 as the filter term.
For the Playbooks, you’ll need to search by each name and the Workbook is enabled by default and is named: MaturityModelForEventLogManagementM2131
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Microsoft Sentinel Newsletter]
[Subscribe to the Bi-Weekly Defender for Cloud Newsletter]
[Learn KQL with the Must Learn KQL series and book]