Is anyone using Microsoft Sentinel to analyze their Audit Stream?
Yes, in my org; the security team is monitoring the stream.
I have the stream going to Splunk, but I have to create the queries myself. It's fine if I know what I want to look for. I wonder if Sentinel would help with that data mining.
Sentinel has a set of rule templates; we're using the Azure DevOps template.
Also, we're adding new rules when we find something interesting that's not covered by the Sentinel template.