From the course: Implementing and Administering Microsoft Sentinel
Join today to access over 24,300 courses taught by industry experts.
UEBA and machine learning
From the course: Implementing and Administering Microsoft Sentinel
UEBA and machine learning
- [Instructor] Microsoft Sentinel includes built-in UEBA and machine learning functionality. And while this functionality is available by default, it's not all enabled and fully configured by default. So UEBA, if you're not familiar, stands for User and Entity Behavior Analytics. And via the data connectors, Sentinel will collect logs and alerts from all of its connected data sources, analyze those, and build baseline behavioral profiles of your organization's entities, your users, your hosts, your IPs, your applications. And it will use multiple techniques, including machine learning to surface high-fidelity security alerts and incidents. And while there is no special license required to add UEBA functionality to Sentinel, additional charges will almost certainly apply because we'll be collecting and working with more data, and data collection and storage is the primary cost associated with Microsoft Sentinel. So just a quick look at UEBA analytics architecture. So we're collecting…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.