Azure Sentinel has embraced Machine Learning (ML) at the core of the service since its creation, giving security folks, data analysts, and engineers deep and accurate information around resource alerting. There are three pillars of ML in Sentinel - Fusion, built-in, and build your own - and understanding how they work and how to create and use them is essential for reducing alert fatigue. In this session we will cover how ML works within Sentinel, how to configure it, and walk through some demo scenarios to better understand why it is important.
You will learn:
- How Azure Sentinel works with Machine Learning and the three pillars of ML
- How ML triages alerts to reduce alert fatigue, and how to configure it
- What toolkits are available to assist with alerting from Sentinel