Episode 36: Get Smarter with Entity Correlation + RBA in Sentinel

In this episode, host Alex Hurtado chats with Micah Funderburk and Alex Stemaly, two detection engineering forces from LastPass, about their impressive risk-based alerting (RBA) system within Microsoft Sentinel. Dive into the world of entity correlation as they break down tagging key entities, stacking risk scores, and leveraging Microsoft's Advanced Security Information Model for data normalization. Learn how RBA aggregates events to provide valuable context for security analysts and explore...

Om Podcasten

Detection Engineering Dispatch is a detection engineering & threat hunting podcast featuring spicy use cases, real-world war stories, and the brilliant minds building the future of SecOps.We’re talking sharp takes, top-of-mind challenges, and community content straight from the folks pushing the limits of detection engineering, threat hunting, and everything in between.Come for the nerdy bits. Stay for the vibes. Join our community to stay up to date on all of our newest episode drops:➡️ Register HereStay in the loop! Connect with us on social:Website: https://www.anvilogic.com/LinkedIn: https://www.linkedin.com/company/anvilogic YouTube: https://www.youtube.com/@Anvilogic