How to parse your custom data in Microsoft Sentinel?

During this session I’ll show the audience how to develop a proper parser for the custom data coming into Microsoft Sentinel. This involves embracing the relatively new ASIM (Advanced Security Information Model) parsing and normalization structure that Microsoft now provides for the platform.

Expect some deep-diving into KQL so that you’re able to make sense of those custom logs. Afterwards your data is much easier to work with and easier for your security analysts to find.

What will visitors learn?
– Parsing data with KQL
– Normalization and the Advanced Security Information Model (ASIM)
– Working with custom log tables, data collectors and translation rules
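To give a taste of what such a parser looks like, here is an added KQL example (it is not the speaker’s material and not an official Microsoft parser). It assumes a hypothetical custom table `MyFirewall_CL` whose `RawData_s` column holds one key=value firewall line per record, and maps it onto fields of the ASIM NetworkSession schema. The table name, column name, log format, vendor/product strings and schema version string are all assumptions for illustration; the ASIM field names (`SrcIpAddr`, `DstIpAddr`, `DstPortNumber`, `DvcAction`, `EventResult`, `NetworkBytes`, and so on) are the real schema fields.

```kql
// Added example, not from the session or from Microsoft.
// Assumed input: custom table MyFirewall_CL, column RawData_s with constructed lines such as
//   2024-05-01T10:00:00Z action=allow src=10.0.0.5 dst=8.8.8.8 dport=53 proto=udp bytes=120
//   2024-05-01T10:00:02Z action=deny src=10.0.0.7 dst=203.0.113.9 dport=445 proto=tcp bytes=0
// ASIM-style parser: filtering parameters come first so callers can prune early.
let MyFirewallNetworkSessionParser = (
    starttime: datetime = datetime(null),
    endtime:   datetime = datetime(null),
    disabled:  bool     = false)
{
    MyFirewall_CL
    // "disabled" lets a union of many parsers switch this one off cheaply
    | where not(disabled)
    // Filter on the indexed time column BEFORE parsing to keep the query cheap
    | where (isnull(starttime) or TimeGenerated >= starttime)
        and (isnull(endtime)   or TimeGenerated <= endtime)
    // Extract the key=value pairs into typed columns
    | parse-kv RawData_s as (action: string, src: string, dst: string,
                             dport: int, proto: string, bytes: long)
               with (pair_delimiter = ' ', kv_delimiter = '=')
    // The leading token of the raw line is the event's own timestamp
    | extend EventStartTime = todatetime(extract(@'^(\S+)\s', 1, RawData_s))
    // Rename to ASIM NetworkSession field names
    | project-rename
        SrcIpAddr     = src,
        DstIpAddr     = dst,
        DstPortNumber = dport
    | extend
        // Mandatory ASIM event fields (vendor/product/version values are assumptions)
        EventVendor        = 'Contoso',
        EventProduct       = 'Firewall',
        EventSchema        = 'NetworkSession',
        EventSchemaVersion = '0.2.6',
        EventType          = 'NetworkSession',
        EventCount         = int(1),
        EventEndTime       = EventStartTime,
        // Normalize vendor-specific values to the ASIM enumerations
        NetworkProtocol    = toupper(proto),
        DvcAction          = case(action == 'allow', 'Allow',
                                  action == 'deny',  'Deny',
                                  action == 'drop',  'Drop',
                                  'NA'),
        EventResult        = iff(action == 'allow', 'Success', 'Failure'),
        NetworkBytes       = bytes
    // Drop the raw line and the vendor-specific columns we have already normalized
    | project-away RawData_s, action, proto, bytes
};
// Usage: last 24 hours of denied sessions, already in ASIM field names
MyFirewallNetworkSessionParser(starttime = ago(1d))
| where DvcAction == 'Deny'
| summarize Sessions = count() by SrcIpAddr, DstIpAddr, DstPortNumber
```

Saved as a Sentinel function, this parser can be referenced by name from analytics rules and hunting queries, and it can be added to the source-agnostic ASIM NetworkSession union so that existing ASIM-based detections pick up the custom source without any change. Production ASIM filtering parsers take further schema-specific parameters (for example source/destination address prefixes), which the same pattern of filtering before parsing accommodates.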

Tickets

€ 50 Extreme Early Bird
€ 60 Early Bird
€ 75 Standard Ticket