HOTSPOT
You have an Azure subscription that contains the following resources:
• A virtual machine named VM1 that runs Windows Server
• A Microsoft Sentinel workspace named Sentinel1 that has User and Entity Behavior Analytics (UEBA) enabled
You have a scheduled query rule named Rule1 that tracks sign-in attempts to VM1.
You need to update Rule1 to detect when a user from outside the IT department of your company signs in to VM1. The solution must meet the following requirements:
• Utilize UEBA results.
• Maximize query performance.
• Minimize the number of false positives.
How should you complete the rule definition? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.