From the course: Implementing and Administering Microsoft Sentinel


Hunting with bookmarks

- [Narrator] One of the features that streamlines and facilitates a more collaborative threat hunting process in Microsoft Sentinel is the hunting bookmark feature. So when we're hunting for threats proactively, oftentimes you're exploring a hypothesis and it may require multiple iterations before you reach conclusions. You may even need to collaborate with your colleagues, who may need to review your query results. And bookmarks enable you to mark those items of interest so you or your colleagues may revisit them at a later time. So let's just take a look at hunting bookmarks in the Sentinel interface. Now, I could run a canned query here from the hunting interface and make changes. I actually have a custom query I'd like to run, so I'll go straight to Logs under the General menu. And I'm going to paste a query in here. And my query will find users who have been added to the Global Administrator role in Azure Active Directory. And my query results will show me the target user. In…
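The narrator's own query is not shown on this page, so the following is an added example, not the course's code. It is a KQL query of the kind described above: it finds users added to the Global Administrator role by reading Azure AD (Microsoft Entra ID) audit events. It assumes the Azure AD audit log data connector is enabled so that directory role changes land in the workspace's `AuditLogs` table; the 7-day lookback and the column aliases (`TargetUser`, `Initiator`) are choices made for this example.

```kql
// Added example (not the course author's query). Assumes the Azure AD /
// Microsoft Entra ID audit log connector populates the AuditLogs table.
AuditLogs
| where TimeGenerated > ago(7d)                       // lookback chosen for this example
// Direct role assignment and PIM (eligible/active) assignment operation names
| where OperationName startswith "Add member to role"
     or OperationName startswith "Add eligible member to role"
| where Result == "success"
// Each audit event can touch several resources; unpack them one row at a time
| mv-expand TargetResource = TargetResources
| mv-expand ModifiedProperty = TargetResource.modifiedProperties
// Keep only the property that records which role was granted
| where tostring(ModifiedProperty.displayName) == "Role.DisplayName"
    and tostring(ModifiedProperty.newValue) has "Global Administrator"
| extend TargetUser = tostring(TargetResource.userPrincipalName),
         // Who performed the change: a user, or an application/service principal
         Initiator  = coalesce(tostring(InitiatedBy.user.userPrincipalName),
                               tostring(InitiatedBy.app.displayName))
| project TimeGenerated, OperationName, TargetUser, Initiator, Result
| order by TimeGenerated desc
```

Each result row is a candidate for a bookmark: in the Logs blade you select the rows of interest and add them as hunting bookmarks, optionally mapping `TargetUser` and `Initiator` to account entities, so the finding can be revisited or handed to a colleague without re-running the query. Because PIM activations also produce "Add member to role" events, expect legitimate just-in-time activations to appear alongside permanent assignments; comparing `Initiator` and `TargetUser` and checking the event against your change records is the usual triage step before escalating.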
