Episode 36: Get Smarter with Entity Correlation + RBA in Sentinel

Detection Engineering Dispatch - A podcast by Anvilogic - Thursdays

In this episode, host Alex Hurtado chats with Micah Funderburk and Alex Stemaly, two detection engineering forces from LastPass, about their impressive risk-based alerting (RBA) system within Microsoft Sentinel. Dive into the world of entity correlation as they break down tagging key entities, stacking risk scores, and leveraging Microsoft's Advanced Security Information Model for data normalization. Learn how RBA aggregates events to provide valuable context for security analysts and explore...