SC-200 - Manage a Security Operations Environment - Section 1.8
Configure Microsoft Sentinel analytics rules and anomalies, and map coverage with the MITRE ATT&CK matrix.
Configure scheduled analytics rules, near-real-time (NRT) rules, threat intelligence analytics rules, and machine learning analytics rules to surface incidents in Microsoft Sentinel. Use MITRE ATT&CK coverage mapping and anomaly rules to identify gaps in detection coverage and prioritise which tactics require additional analytics.
scheduled analytics rules, near-real-time (NRT) rules, threat intelligence analytics rules, machine learning analytics rules, MITRE ATT&CK coverage, anomalies in Microsoft Sentinel
Examworthy is not affiliated with or endorsed by Microsoft. Original, blueprint-aligned practice material only.