en un clic
sentinel-detection-engineering
Guidance for detection engineering in Microsoft Sentinel — building, testing, deploying, and maintaining analytics rules, hunting queries, and SOAR automation. Covers the Content Hub solution model, MITRE ATT&CK mapping, scheduled vs near-real-time (NRT) vs Fusion vs anomalies analytics, KQL detection patterns (joins, summarize, bin, materialize), entity mapping and incident enrichment, custom detections from Defender XDR vs Sentinel-only, automation rules, playbooks (Logic Apps), watchlists, threat intel matching, content as code with Azure DevOps / GitHub repositories integration, and detection lifecycle (validate → tune → version). WHEN: Sentinel analytics rule, KQL detection, MITRE mapping, Sentinel content hub, scheduled analytics, NRT rule, hunting query, Sentinel automation rule, Logic App playbook, custom detection, repositories Sentinel CI/CD, detection-as-code, watchlist, threat intel matching analytics, fusion alerts, anomalies, incident enrichment, entity mapping. DO NOT USE for Sentinel architect
Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.