Skip to content

Commit 7b5ce87

Browse files
yelevinyelevin
authored
Added requirement to enable UEBA
 ------- cc: @yelevin
1 parent 9ea4509 commit 7b5ce87

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

articles/sentinel/anomalies-reference.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,8 @@ Microsoft Sentinel uses two different models to create baselines and detect anom
2525

2626
Sentinel UEBA detects anomalies based on dynamic baselines created for each entity across various data inputs. Each entity's baseline behavior is set according to its own historical activities, those of its peers, and those of the organization as a whole. Anomalies can be triggered by the correlation of different attributes such as action type, geo-location, device, resource, ISP, and more.
2727

28+
You must [enable the UEBA feature](enable-entity-behavior-analytics.md) for UEBA anomalies to be detected.
29+
2830
- [Anomalous Account Access Removal](#anomalous-account-access-removal)
2931
- [Anomalous Account Creation](#anomalous-account-creation)
3032
- [Anomalous Account Deletion](#anomalous-account-deletion)

0 commit comments

Comments
 (0)