articles/sentinel/ops-guide.md
Lines changed: 8 additions & 8 deletions
@@ -18,14 +18,14 @@ This article lists the operational activities that we recommend security operati
18
18
19
19
Schedule the following activities daily.
20
20
21
-
|Task|description|
22
-
|---|---|
23
-
|**Triage and investigate incidents**|Review the Microsoft Sentinel **Incidents** page to check for new incidents generated by the currently configured analytics rules, and start investigating any new incidents. For more information, see[Investigate incidents with Microsoft Sentinel](investigate-cases.md).|
24
-
|**Explore hunting queries and bookmarks**|Explore results for all built-in queries, and update existing hunting queries and bookmarks. Manually generate new incidents or update old incidents if applicable. For more information, see:</br></br>- [Automatically create incidents from Microsoft security alerts](create-incidents-from-alerts.md)</br>- [Hunt for threats with Microsoft Sentinel](hunting.md)</br>- [Keep track of data during hunting with Microsoft Sentinel](bookmarks.md)|
25
-
|**Analytic rules**|Review and enable new analytics rules as applicable, including both newly released or newly available rules from recently connected data connectors.|
26
-
|**Data connectors**| Review the status, date, and time of the last log received from each data connector to ensure that data is flowing. Check for new connectors, and review ingestion to ensure set limits aren't exceeded. For more information, see [Data collection best practices](best-practices-data.md) and [Connect data sources](connect-data-sources.md).|
27
-
|**Azure Monitor Agent**| Verify that servers and workstations are actively connected to the workspace, and troubleshoot and remediate any failed connections. For more information, see[Azure Monitor Agent overview](/azure/azure-monitor/agents/azure-monitor-agent-overview).|
28
-
|**Playbook failures**| Verify playbook run statuses and troubleshoot any failures. For more information, see [Tutorial: Respond to threats by using playbooks with automation rules in Microsoft Sentinel](tutorial-respond-threats-playbook.md).|
21
+
|Task|description|
22
+
|---|---|
23
+
|**Triage and investigate incidents**|Review the Microsoft Sentinel **Incidents** page to check for new incidents generated by the currently configured analytics rules, and start investigating any new incidents. For more information, see:<br>- [Navigate, triage, and manage Microsoft Sentinel incidents in the Azure portal](incident-navigate-triage.md)<br>- [Investigate Microsoft Sentinel incidents in depth in the Azure portal](investigate-incidents.md)|
24
+
|**Explore hunting queries and bookmarks**|Explore results for all built-in queries, and update existing hunting queries and bookmarks. Manually generate new incidents or update old incidents if applicable. For more information, see:<br>- [Create your own incidents manually in Microsoft Sentinel in the Azure portal (Preview)](create-incident-manually.md)</br>- [Hunt for threats with Microsoft Sentinel](hunting.md)</br>- [Keep track of data during hunting with Microsoft Sentinel](bookmarks.md)|
25
+
|**Analytics rules**|Review and enable new analytics rules as applicable, including both newly released or newly available rules from recently deployed solutions. For more information, see:<br>- [Create scheduled analytics rules from templates](create-analytics-rule-from-template.md)<br>- [About Microsoft Sentinel content and solutions](sentinel-solutions.md)<br><br>Monitor the health and optimize the execution of your analytics rules. For more information, see:<br>- [Monitor the health and audit the integrity of your analytics rules](monitor-analytics-rule-integrity.md)<br>- [Monitor and optimize the execution of your scheduled analytics rules](monitor-optimize-analytics-rule-execution.md)|
26
+
|**Data connectors**| Review the health statusof your data connectors to ensure that data is flowing. Check for new connectors, and review ingestion to ensure set limits aren't exceeded. For more information, see [Monitor the health of your data connectors](monitor-data-connector-health.md).|
27
+
|**Azure Monitor Agent**| Verify that servers and workstations are actively connected to the workspace, and troubleshoot and remediate any failed connections. For more information, see [Azure Monitor Agent overview](/azure/azure-monitor/agents/azure-monitor-agent-overview).|
28
+
|**Playbook failures**| Verify playbook run statuses and troubleshoot any failures. For more information, see [Tutorial: Respond to threats by using playbooks with automation rules in Microsoft Sentinel](tutorial-respond-threats-playbook.md).|
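Review bot: The **Data connectors** row introduces a typo, "health statusof your data connectors"; it should read "health status of your data connectors". In the **Explore hunting queries and bookmarks** row, the new first list item is preceded by `<br>` while the two retained items are still separated with `</br>`, which is not a valid tag; changing those to `<br>` would match the other rows touched here. The Data connectors row also drops the links to best-practices-data.md and connect-data-sources.md in favor of monitor-data-connector-health.md; since the row still tells the reader to review ingestion limits, consider keeping a pointer to the ingestion guidance unless the new article covers it.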