Introduction
As Microsoft Sentinel collects logs and alerts from all of its connected data sources, it analyzes them and builds baseline behavioral profiles of your organization's entities (users, hosts, IP addresses, applications, and so on). Activity that deviates from an entity's own baseline is then surfaced and prioritized, so an analyst can distinguish a genuinely unusual action from one the entity performs routinely.
You're a Security Operations Analyst working at a company that implemented Microsoft Sentinel. The threat hunting team has raised concerns about a specific user account based on discovered threat indicators and needs to see a profile containing historical and related entity data quickly. You have the threat hunting team member navigate to the Entity behavior page to perform further analysis on the account.
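The same profile the Entity behavior page shows can also be pulled directly from the UEBA BehaviorAnalytics table, which is how the module later turns entity behavior into analytics rules. The query below is an added example, not code from the module; it assumes UEBA is enabled in the workspace so the BehaviorAnalytics table is populated, and the account name is a placeholder for the one the threat hunting team flagged.

```kusto
// Added example: summarize the anomalous activity UEBA recorded for one suspect account.
// 'suspect.user@contoso.com' and the 30-day lookback are placeholders (assumptions).
let suspectUPN = "suspect.user@contoso.com";
let lookback = 30d;
BehaviorAnalytics
| where TimeGenerated > ago(lookback)
| where UserPrincipalName =~ suspectUPN
// InvestigationPriority is UEBA's anomaly score; 0 means the action matched the baseline.
| where InvestigationPriority > 0
| summarize Activities   = count(),
            MaxPriority  = max(InvestigationPriority),
            FirstSeen    = min(TimeGenerated),
            LastSeen     = max(TimeGenerated),
            SourceIPs    = make_set(SourceIPAddress, 20),
            // ActivityInsights holds the reasons UEBA scored the action (first-time action, uncommon location, etc.)
            Insights     = make_set(ActivityInsights, 20)
    by ActivityType, ActionType
| order by MaxPriority desc, Activities desc
```

Run as a hunting query, this gives the historical view the team asked for: which kinds of actions the account performed, from which addresses, and why UEBA considered them unusual. Dropping the fixed account filter and keeping the InvestigationPriority threshold is the usual starting point for a scheduled analytics rule that alerts on any entity crossing the score you care about.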
By the end of this module, you'll be able to use entity behavior analytics in Microsoft Sentinel to identify threats inside your organization.
After completing this module, you'll be able to:
- Explain Entity Behavior Analytics in Microsoft Sentinel
- Explore entities in Microsoft Sentinel
- Use entity behavior in analytics rules
Prerequisites
Knowledge of security incident management in Microsoft Sentinel