You are threat hunting suspicious traffic from a specific IP address. You need to annotate an intermediate event stored in the workspace and be able to reference the IP address when navigating through the investigation graph. What will you do?
Experience Level: Junior
Tags: Azure Cloud, Azure Sentinel
Answer
- Go to Azure Sentinel (now Microsoft Sentinel) and open the workspace
- Go to Threat management > Hunting
- Run the hunting query (or write a new one) that surfaces the traffic from the suspicious IP address
- Review the query results and select the row for the event you want to annotate
- Select Add bookmark
- Map at least one entity type (Account, Host or IP address) to a column in the result row; in this case map the IP address entity to the column that holds the suspicious IP, because only mapped entities can be pivoted on in the investigation graph
- Fill in the Event time (the timestamp of the event), tags and notes
- Save the bookmark
Now the bookmark is stored in the workspace (it is queryable from the HuntingBookmark table) and is visible to other investigators. From Threat management > Hunting > Bookmarks you can select it and choose Investigate to open it in the investigation graph and expand on the mapped IP address.
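As an added example (not code from the original page), the KQL below covers the "Run the query" step and then checks that the saved bookmark landed in the workspace. The table, the IP address, the tag and the time window are assumptions chosen for illustration; the second query is run separately after the bookmark has been saved.

```kql
// Added example, not part of the original answer.
// Query 1: hunt for traffic from the suspicious IP address.
// Assumptions: CommonSecurityLog holds the firewall logs, the IP is a
// documentation (TEST-NET-3) address, and seven days is the hunting window.
let SuspiciousIP = "203.0.113.45";
CommonSecurityLog
| where TimeGenerated > ago(7d)
| where SourceIP == SuspiciousIP
| summarize
    EventCount = count(),
    FirstSeen  = min(TimeGenerated),
    LastSeen   = max(TimeGenerated),
    DestPorts  = make_set(DestinationPort, 20)
  by SourceIP, DestinationIP, DeviceAction
| order by EventCount desc
// In the Add bookmark pane: map entity type "IP address" to the SourceIP column,
// set Event time to the timestamp of the chosen row, add a tag such as
// "suspicious-ip" (assumed tag name) and notes, then save.

// Query 2 (run separately): confirm the bookmark is stored in the workspace,
// so other investigators can see it, and find it again by its tag.
HuntingBookmark
| where tostring(Tags) has "suspicious-ip"
| project TimeGenerated, BookmarkName, EventTime, Tags, Notes, CreatedBy, QueryText
| order by TimeGenerated desc
```

If Query 2 returns nothing, the bookmark was not saved to this workspace; if it returns a row but the Investigate button on the bookmark is disabled, the entity mapping step was skipped and the bookmark cannot be placed on the investigation graph.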