From the course: Implementing and Administering Microsoft Sentinel
Hunting with bookmarks
- [Narrator] One of the features that streamlines and facilitates a more collaborative threat hunting process in Microsoft Sentinel is the hunting bookmark feature. So when we're hunting for threats proactively, oftentimes you're exploring a hypothesis, and it may require multiple iterations before you reach conclusions. You may even need to collaborate with your colleagues, who may need to review your query results. And bookmarks enable you to mark those items of interest so you or your colleagues may revisit them at a later time. So let's just take a look at hunting bookmarks in the Sentinel interface. Now, I could run a canned query here from the hunting interface and make changes. I actually have a custom query I'd like to run, so I'll go straight to Logs under the General menu. And I'm going to paste a query in here. And my query will find users who have been added to the Global Administrator role in Azure Active Directory. And my query results will show me the target user. In…
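One way to write the kind of query the narrator describes, as an added example that is not the instructor's query from the course: it assumes the Azure AD (Microsoft Entra ID) audit log connector is enabled so that directory audit events land in the `AuditLogs` table of the Sentinel workspace.

```kql
// Added example, not the course's own query.
// Finds accounts added to the Global Administrator role by reading the
// Azure AD directory audit events in the AuditLogs table (assumes the
// Azure AD audit log data connector is enabled in this workspace).
AuditLogs
| where TimeGenerated > ago(7d)
// Permanent and PIM-eligible role assignments both produce audit events
| where OperationName in ("Add member to role", "Add eligible member to role")
| where Result == "success"
// TargetResources is a dynamic array; one row per target entry
| mv-expand TargetResource = TargetResources
// The role name is carried in the modifiedProperties of the target entry
| mv-expand ModProp = TargetResource.modifiedProperties
| where tostring(ModProp.displayName) == "Role.DisplayName"
// newValue is a JSON string literal, so strip the surrounding quotes
| extend RoleName = trim('"', tostring(ModProp.newValue))
| where RoleName == "Global Administrator"
| extend TargetUser = tostring(TargetResource.userPrincipalName)
// The actor may be a user or a service principal/application
| extend Initiator = coalesce(tostring(InitiatedBy.user.userPrincipalName),
                              tostring(InitiatedBy.app.displayName))
| project TimeGenerated, OperationName, TargetUser, RoleName, Initiator, CorrelationId
| order by TimeGenerated desc
```

Each returned row is a candidate for a hunting bookmark, so the target user and initiator can be revisited or handed to a colleague for review, with `CorrelationId` available to pivot back to the full audit record.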