SOCEntityTriageWorkbook

Category: Hardware design
Development tool: Others
File size: 0KB
Downloads: 0
Upload date: 2024-03-07 13:54:17
Uploader: sh-1993
Description: The SOC Entity Triage workbook is designed to enhance the triage process for security operations centers (SOCs) by providing a comprehensive and interactive analysis tool within Azure Sentinel. This workbook aims to streamline the investigation of entities such as IP addresses, hostnames, AD users, and email accounts.

File list:
Queries/
SOC Entity Triage.json

# SOC Entity Triage Workbook for Azure Sentinel

![Image Header](https://i.imgur.com/G0wn5vY.png)

## Overview

The SOC Entity Triage workbook is designed to enhance the triage process for security operations centers (SOCs) by providing a comprehensive and interactive analysis tool within Azure Sentinel. This workbook aims to streamline the investigation of entities such as IP addresses, hostnames, AD users, and email accounts by presenting relevant security data and insights through a series of visualizations and queries.

This workbook includes filters for separate workspaces within an environment that uses Azure Lighthouse to integrate multiple client environments in a single tenant.

## Features

- **Entity Analysis**: Analyze different entity types, including private and public IP addresses, hostnames, AD users, and email accounts.
- **Interactive Visualizations**: Use KQL (Kusto Query Language) to query Azure Sentinel data and visualize the results in a user-friendly manner.
- **Customizable Time Range**: Filter data within specific time frames to focus on the events relevant to your investigation.
- **Comprehensive Data Points**: Access detailed information on security alerts, sign-in logs, email triage, host triage, and more, tailored to the entity being investigated.

## Getting Started

### Prerequisites

- An Azure Sentinel environment.
- Permission to access and create workbooks within Azure Sentinel.

### Installation

1. Navigate to **Azure Sentinel** > **Workbooks** in the Azure portal.
2. Click **+ Add workbook**.
3. Select the **Advanced editor** tab and paste the JSON configuration for the SOC Entity Triage workbook (`SOC Entity Triage.json`).
4. Save the workbook to make it available in your Azure Sentinel environment.

### Usage

- Open the SOC Entity Triage workbook from the **Azure Sentinel** > **Workbooks** gallery.
- Select an entity type and specify the entity you wish to investigate.
- Use the interactive controls to filter by time range and other parameters relevant to your analysis.

![Workbook Preview](https://i.imgur.com/c3jfV01.png)

## Contributing

Your contributions are welcome! Please feel free to submit pull requests or open issues to improve the workbook or add new features.
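The README describes the workbook as a set of KQL queries that pivot on one entity over a chosen time range. The query below is an added example written for this page, not one of the workbook's own queries, and shows what such a pivot looks like for a public IP address. It assumes the standard Microsoft Sentinel `SigninLogs` and `SecurityAlert` tables; the IP address is a constructed sample value from the TEST-NET-3 documentation range, and the `let` bindings stand in for the entity and time-range parameters the workbook would supply.

```kql
// Added example, not a query from the SOC Entity Triage workbook itself.
// Assumes the standard Microsoft Sentinel SigninLogs and SecurityAlert tables.
let EntityIP = "203.0.113.45";   // constructed sample value (TEST-NET-3 range)
let StartTime = ago(7d);         // in a workbook these two bindings would be
let EndTime = now();             // replaced by the time-range parameter
// Sign-in activity observed from the IP: who signed in, how often, how many failures
let SignInSummary = SigninLogs
    | where TimeGenerated between (StartTime .. EndTime)
    | where IPAddress == EntityIP
    | summarize
        SignInCount = count(),
        FailedSignIns = countif(ResultType != "0"),   // ResultType "0" is a successful sign-in
        Users = make_set(UserPrincipalName, 50),
        FirstSeen = min(TimeGenerated),
        LastSeen = max(TimeGenerated);
// Alerts whose entity list references the same IP
let AlertSummary = SecurityAlert
    | where TimeGenerated between (StartTime .. EndTime)
    | where Entities has EntityIP
    | summarize
        AlertCount = count(),
        AlertNames = make_set(AlertName, 50),
        Severities = make_set(AlertSeverity);
// A summarize without a by-clause returns exactly one row even on empty input,
// so a cross join on a constant key yields a single triage row for the entity
SignInSummary
| extend Key = 1
| join kind=inner (AlertSummary | extend Key = 1) on Key
| project-away Key, Key1
| extend Entity = EntityIP, EntityType = "Public IP"
```

Inside a workbook, the `let` values are replaced by parameter references (for example the time-range picker and an entity text box), which Workbooks substitutes into the query text before it runs. The same shape carries over to the other entity types the README lists: for a hostname the `where` clause matches the computer-name column of the host tables, and for an AD user or mailbox it matches `UserPrincipalName`, while the alert pivot on `Entities` stays unchanged.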
