Working with multiple data types and sources is a challenge: you have to understand different schemas and create a unique set of analytics rules, workbooks, and hunting queries for each. In this webinar you will learn about the Azure Sentinel Information Model (ASIM), which combines schema definitions, parsers, and normalized content to allow source-agnostic content and simplify analysts' use of Azure Sentinel data.
2:38 - Introduction
4:39 - ASIM Overview
18:09 - Demo
24:51 - Understanding the ASIM Schemas
41:10 - Demo
50:08 - Normalization in Action: Detections and Hunting
53:50 - Q&A/Outro
#MicrosoftSecurity