You create a hunting query in Azure Sentinel. You need to receive a notification in the Azure portal as soon as the hunting query detects a match on the query. The solution must minimize effort. What should you use?
Because livestream notifications for new events use Azure portal notifications, you see these notifications whenever you use the Azure portal.
Ref https://docs.microsoft.com/en-us/azure/sentinel/livestream#receive-notifications-when-new-events-occur
Receive notifications when new events occur
Livestream notifications for new events appear with the Azure or Defender portal notifications. For example:
[Figure: Azure portal notification for livestream]
In the Azure or Defender portal, go to the notifications on the top right-hand side of the portal page.
Select the notification to open the Livestream pane.
Playbooks are automated responses to alerts, and they can be configured to perform actions like sending notifications when a specific condition, such as a hunting query match, is met.
Livestreams do not inherently send notifications; they are more about continuous monitoring and observation within the Azure Sentinel portal.
C. a livestream: Livestreaming in Log Analytics allows you to view logs in real-time, but it doesn't provide automated notifications. You would have to constantly monitor the livestream yourself.
Answer is correct.
Use hunting livestream to create interactive sessions that let you test newly created queries as events occur, get notifications from the sessions when a match is found, and launch investigations if necessary.
https://learn.microsoft.com/en-us/azure/sentinel/livestream
A livestream is a continuous stream of data that is sent to Azure Sentinel. Livestreams are not designed to send notifications.
A playbook is a set of automated tasks that can be triggered by an alert or incident. In this case, you would create a playbook that sends a notification to the Azure portal as soon as the hunting query detects a match on the query.
Wat?
"Use hunting livestream to create interactive sessions that let you test newly created queries as events occur, get notifications from the sessions when a match is found, and launch investigations if necessary."
https://learn.microsoft.com/en-us/azure/sentinel/livestream
C - least effort: select the hunting query, one click - add to livestream (three dots), or from the livestream tab add the query. A playbook is also valid, but takes more clicks...
A livestream cannot be used to receive a notification in the Azure portal as soon as a hunting query detects a match. Livestreams are used to stream security data from a security solution to Azure Sentinel in real time.
To receive a notification in the Azure portal as soon as a hunting query detects a match, you should use a playbook. You can create a playbook that includes a "Send email" or "Send a notification to Azure Monitor" action, and associate the playbook with the hunting query. When the hunting query detects a match, the playbook will trigger the email or notification action, and you will receive an alert in near real-time.