{"id":90614,"date":"2020-02-20T06:00:43","date_gmt":"2020-02-20T14:00:43","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=90614"},"modified":"2023-05-15T23:29:00","modified_gmt":"2023-05-16T06:29:00","slug":"azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/","title":{"rendered":"Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals"},"content":{"rendered":"<p>Cybercrime is as much a people problem as it is a technology problem. To respond effectively, the defender community must harness machine learning to compliment the strengths of people. This is the philosophy that undergirds Azure Sentinel. Azure Sentinel is a cloud-native SIEM that exploits machine learning techniques to empower security analysts, data scientists, and engineers to focus on the threats that matter. You may have heard of similar solutions from other vendors, but the Fusion technology that powers <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/azure-sentinel\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Sentinel<\/a> sets this SIEM apart for three reasons:<\/p>\n<ol>\n<li>Fusion finds threats that fly under the radar, by <strong>combining low fidelity, \u201cyellow\u201d anomalous activities <\/strong><strong>into high fidelity \u201cred\u201d incidents<\/strong>.<\/li>\n<li>Fusion does this by using machine learning to combine disparate data\u2014network, identity, SaaS, endpoint\u2014from <strong>both Microsoft and Partner data sources<\/strong>.<\/li>\n<li>Fusion incorporates graph-based machine learning and a probabilistic kill chain to reduce alert fatigue by 90 percent.<\/li>\n<\/ol>\n<p>\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\"><div class=\"wp-block-msxcm-cta-block\" data-moray data-bi-an=\"CTA Block\">\n\t<div class=\"card d-block mx-ng mx-md-0\">\n\t\t<div class=\"row no-gutters\">\n\n\t\t\t\t\t\t\t<div class=\"col-md-4\">\n\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"150\" height=\"150\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Azure-Sentinal.png\" class=\"card-img img-object-cover\" alt=\"\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Azure-Sentinal.png 150w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Azure-Sentinal-100x100.png 100w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>\t\t\t\t<\/div>\n\t\t\t\n\t\t\t<div class=\"d-flex col-md\">\n\t\t\t\t<div class=\"card-body align-self-center p-4 p-md-5\">\n\t\t\t\t\t<h2>Azure Sentinel<\/h2>\n\n\t\t\t\t\t<div class=\"mb-3\">\n\t\t\t\t\t\t<p>Intelligent security analytics for your entire enterprise.<\/p>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"link-group\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/azure-sentinel\/\" class=\"btn btn-link text-decoration-none p-0\" target=\"_blank\">\n\t\t\t\t\t\t\t\t<span>Learn more<\/span>\n\t\t\t\t\t\t\t\t<span class=\"glyph-append glyph-append-chevron-right glyph-append-xsmall\"><\/span>\n\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/div>\n<\/div>\n<\/p>\n<p>You can get a sense of how powerful Fusion is by looking at data from December 2019. During that month, billions of events flowed into Azure Sentinel from thousands of Azure Sentinel customers. Nearly 50 billion anomalous alerts were identified and graphed. After Fusion applied the probabilistic kill chain, the graph was reduced to 110 sub graphs. A second level of machine learning reduced it further to just 25 actionable incidents. This is how Azure Sentinel reduces alert fatigue by 90 percent.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-1.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90634 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-1.png\" alt=\"Infographic showing alerts to high-fidelity incidents.\" width=\"1777\" height=\"880\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-1.png 1777w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-1-300x149.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-1-1024x507.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-1-768x380.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-1-1536x761.png 1536w\" sizes=\"(max-width: 1777px) 100vw, 1777px\" \/><\/a><\/p>\n<h3>New Fusion scenarios\u2014Microsoft Defender ATP + Palo Alto firewalls<\/h3>\n<p>There are currently <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/sentinel\/fusion\" target=\"_blank\" rel=\"noopener noreferrer\">35 multi-stage attack scenarios<\/a> generally available through Fusion machine learning technology in Azure Sentinel. Today, Microsoft has introduced several additional scenarios\u2014in public preview\u2014using <a href=\"https:\/\/www.microsoft.com\/en-us\/microsoft-365\/windows\/microsoft-defender-atp\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Defender Advanced Threat Protection (ATP)<\/a> and Palo Alto logs. This way, you can leverage the power of Sentinel and Microsoft Threat Protection as complementary technologies for the best customer protection.<\/p>\n<ul>\n<li><strong>Detect otherwise missed attacks<\/strong>\u2014By stitching together disparate datasets using Bayesian methods, Fusion helps to detect attacks that could have been missed.<\/li>\n<li><strong>Reduce mean time to remediate<\/strong>\u2014Microsoft Threat Protection provides a best in class investigation experience when addressing alerts from Microsoft products. For non-Microsoft datasets, you can leverage hunting and investigation tools in Azure Sentinel.<\/li>\n<\/ul>\n<p>Here are a few examples:<\/p>\n<p><strong>An endpoint connects to TOR network followed by suspicious activity on the Internal network<\/strong>\u2014Microsoft Defender ATP detects that a user inside the network made a request to a TOR anonymization service. On its own this incident would be a low-level fidelity. It\u2019s suspicious but doesn\u2019t rise to the level of a high-level threat. Palo Alto firewalls registers anomalous activity from the same IP address, but it isn\u2019t risky enough to block. Separately neither of these alerts get elevated, but together they indicate a multi-stage attack. Fusion makes the connection and promotes it to a high-fidelity incident.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-2.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90635 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-2.png\" alt=\"Infographic of the Palo Alto firewall detecting threats.\" width=\"1400\" height=\"753\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-2.png 1400w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-2-300x161.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-2-1024x551.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-2-768x413.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-2-389x209.png 389w\" sizes=\"(max-width: 1400px) 100vw, 1400px\" \/><\/a><\/p>\n<p><strong>A PowerShell program on an endpoint connects to a suspicious IP address, followed by suspicious activity on the Internal network<\/strong>\u2014Microsoft Defender ATP generates an alert when a PowerShell program makes a suspicious network connection. If Palo Alto allows traffic from that IP address back into the network, Fusion ties the two incidents together to create a high-fidelity incident<\/p>\n<p><strong>An endpoint connects to a suspicious IP followed by anomalous activity on the Internal network<\/strong>\u2014If Microsoft Defender ATP detects an outbound connection to an IP with a history of unauthorized access <em>and<\/em> Palo Alto firewalls allows an inbound request from that same IP address, it\u2019s elevated by Fusion.<\/p>\n<h3>How Fusion works<\/h3>\n<ol>\n<li><strong>Construct graph<\/strong><\/li>\n<\/ol>\n<p>The process starts by collecting data from several data sources, such as Microsoft products, <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/partnerships\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft security partner<\/a> products, and other cloud providers. Each of those security products output anomalous activity, which together can number in the billions or trillions. Fusion gathers all the low and medium level alerts detected in a 30-day window and creates a graph. The graph is hyperconnected and consists of billions of vertices and edges. Each entity is represented by a vertex (or node). For example, a vertex could be a user, an IP address, a virtual machine (VM), or any other entity within the network. The edges (or links) represent all the activities. If a user accesses company resources with a mobile device, both the device and the user are represented as vertices connected by an edge.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-3.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90636 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-3.png\" alt=\"Image of an AAD Detect graph.\" width=\"1314\" height=\"1268\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-3.png 1314w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-3-300x289.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-3-1024x988.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-3-768x741.png 768w\" sizes=\"(max-width: 1314px) 100vw, 1314px\" \/><\/a><\/p>\n<p>Once the graph is built there are still billions of alerts\u2014far too many for any security operations team to make sense of. However, within those connected alerts there may be a pattern that indicates something more serious. The human brain is just not equipped to quickly remove it. This is where machine learning can make a real difference.<\/p>\n<ol start=\"2\">\n<li><strong>Apply probabilistic kill chain<\/strong><\/li>\n<\/ol>\n<p>Fusion applies a probabilistic kill chain which acts as a regularizer to the graph. The statistical analysis is based on how real people\u2014Microsoft security experts, vendors, and customers\u2014triage alerts. For example, defenders prioritize kill chains that are time bound. If a kill chain is executed within a day, it will take precedence over one that is enacted over a few days. An even higher priority kill chain is one in which all steps have been completed. This intelligence is encoded into the Fusion machine learning statistical model. Once the probabilistic kill chain is applied, Fusion outputs a smaller number of sub graphs, reducing the number of threats from billions to hundreds.<\/p>\n<ol start=\"3\">\n<li><strong>Score the attack<\/strong><\/li>\n<\/ol>\n<p>To reduce the noise further, Fusion uses machine learning to apply a final round of scoring. If labeled data exists, Fusion uses random forests. Labeled data for attacks is generated from the extensive Azure red team that execute these scenarios. If labeled data doesn\u2019t exist Fusion uses spectral clustering.<\/p>\n<p>Some of the criteria used to elevate threats include the number of high impact activity in the graph and whether the subgraph connects to another subgraph.<\/p>\n<p>The output of this machine learning process is tens of threats. These are extremely high priority alerts that require immediate action. Without Fusion, these alerts would likely remain hidden from view, since they can only be seen after two or more low level threats are stitched together to shine a light on stealth activities. AI-generated alerts can now be handed off to people who will determine how to respond.<\/p>\n<p>The great promise of AI in cybersecurity is its ability to enable your cybersecurity people to stay one step ahead of the humans on the other side. AI-backed Fusion is just one example of the innovative potential of partnering technology and people to take on the threats of today and tomorrow.<\/p>\n<h3>Learn more<\/h3>\n<p>Read more about <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=90612\u200b\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Sentinel<\/a> and dig into all the <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/sentinel\/fusion\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Sentinel detection scenarios<\/a>.<\/p>\n<p>Also, bookmark the\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a>\u00a0to keep up with our expert coverage on security matters. Follow us at\u00a0<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a>\u00a0for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Azure Sentinel Fusion technology uses powerful machine learning methods to enable your SecOps team to focus on the threats that matter.<\/p>\n","protected":false},"author":96,"featured_media":90637,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3685,3688],"products":[3726],"threat-intelligence":[],"tags":[],"coauthors":[2253],"class_list":["post-90614","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-siem-and-xdr","topic-threat-trends","products-microsoft-sentinel"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals<\/title>\n<meta name=\"description\" content=\"Azure Sentinel Fusion technology uses powerful machine learning methods to enable your SecOps team to focus on the threats that matter.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals\" \/>\n<meta property=\"og:description\" content=\"Azure Sentinel Fusion technology uses powerful machine learning methods to enable your SecOps team to focus on the threats that matter.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-02-20T14:00:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:29:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-FB.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ram Shankar Siva Kumar\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-FB.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ram Shankar Siva Kumar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/ram-shankar-siva-kumar\/\",\"@type\":\"Person\",\"@name\":\"Ram Shankar Siva Kumar\"}],\"headline\":\"Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals\",\"datePublished\":\"2020-02-20T14:00:43+00:00\",\"dateModified\":\"2023-05-16T06:29:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/\"},\"wordCount\":1128,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-card.jpg\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/\",\"name\":\"Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-card.jpg\",\"datePublished\":\"2020-02-20T14:00:43+00:00\",\"dateModified\":\"2023-05-16T06:29:00+00:00\",\"description\":\"Azure Sentinel Fusion technology uses powerful machine learning methods to enable your SecOps team to focus on the threats that matter.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-card.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-card.jpg\",\"width\":440,\"height\":293,\"caption\":\"Image of workers in a meeting.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals","description":"Azure Sentinel Fusion technology uses powerful machine learning methods to enable your SecOps team to focus on the threats that matter.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/","og_locale":"en_US","og_type":"article","og_title":"Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals","og_description":"Azure Sentinel Fusion technology uses powerful machine learning methods to enable your SecOps team to focus on the threats that matter.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/","og_site_name":"Microsoft Security Blog","article_published_time":"2020-02-20T14:00:43+00:00","article_modified_time":"2023-05-16T06:29:00+00:00","og_image":[{"width":1200,"height":600,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-FB.jpg","type":"image\/jpeg"}],"author":"Ram Shankar Siva Kumar","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-FB.jpg","twitter_misc":{"Written by":"Ram Shankar Siva Kumar","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/ram-shankar-siva-kumar\/","@type":"Person","@name":"Ram Shankar Siva Kumar"}],"headline":"Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals","datePublished":"2020-02-20T14:00:43+00:00","dateModified":"2023-05-16T06:29:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/"},"wordCount":1128,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-card.jpg","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/","name":"Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-card.jpg","datePublished":"2020-02-20T14:00:43+00:00","dateModified":"2023-05-16T06:29:00+00:00","description":"Azure Sentinel Fusion technology uses powerful machine learning methods to enable your SecOps team to focus on the threats that matter.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-card.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/02\/Azure-Sentinel-uncovers-the-real-threats-card.jpg","width":440,"height":293,"caption":"Image of workers in a meeting."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/02\/20\/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/90614"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=90614"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/90614\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/90637"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=90614"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=90614"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=90614"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=90614"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=90614"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=90614"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=90614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}