Machine Learning powered detections with Kusto query language in Azure Sentinel

added by DotNetKicks
4/16/2019 4:19:18 PM

1 Kicks, 136 Views

As cyberattacks become more complex and harder to detect. The traditional correlation rules of a SIEM are not enough, they are lacking the full context of the attack and can only detect attacks that were seen before. This can result in false negatives and gaps in the environment.