Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

I noted recently how powerful and valuable Microsoft Cloud App Security (MCAS) is, but also how noisy it can make the Azure Sentinel console unless the MCAS policies are tuned correctly. See: Tuning the Noise Out of MCAS for Azure Sentinel. That post struck a chord with a number of people. So, I thought I'd …

Tuning the Noise Out of MCAS for Azure Sentinel

It's funny, the first question out of my mouth when a customer asks for help tuning the noise for Azure Sentinel is: "Is your noisiest connection MCAS, by any chance?" 95% of the responses are a resounding: "Yes." Most customers think that it's Azure Sentinel's problem, but it's not. It's actually a tuning issue for …