In this episode, host Alex Hurtado chats with Micah Funderburk and Alex Stemaly, two detection engineers from LastPass, about the risk-based alerting (RBA) system they built within Microsoft Sentinel. Dive into entity correlation as they break down tagging key entities, stacking risk scores per entity, and leveraging Microsoft's Advanced Security Information Model (ASIM) to normalize data from different sources before it feeds the detections.
Learn how RBA aggregates many low-severity events into one alert with the context a security analyst needs, and explore how risk scores are built from impact, confidence, and asset information. Discover the benefits of deploying detections-as-code and the importance of constant communication with security operations partners.
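The risk-stacking step described above, as an added KQL example that is not code from the episode or from LastPass. Individual detections (ideally written over ASIM parsers such as _Im_Authentication so field names are consistent across data sources) emit low-severity risk events tagged with an entity; the query below stacks those per entity and only surfaces an alert once the aggregate score crosses a threshold. The sample events, the asset watchlist and every column name and weight are constructed assumptions so the query runs as-is in a Sentinel or Azure Data Explorer query window.

```kql
// Added example, not from the episode or LastPass. Models RBA risk stacking:
// each contributing rule writes one "risk event" per entity; this query
// aggregates them over a lookback window and alerts above a threshold.
let lookback = 24h;
let alertThreshold = 100.0;
// Constructed sample risk events standing in for the custom table a real
// deployment would write to (assumed name: RiskEvents_CL). Impact is 1-5,
// Confidence is 0.0-1.0, both assigned by the authoring detection engineer.
let RiskEvents = datatable(TimeGenerated:datetime, RuleName:string,
                           Entity:string, EntityType:string,
                           Impact:int, Confidence:real)
[
    datetime(2024-01-10 08:02:00), "Auth_PasswordSpray",   "alice",   "User", 2, 0.6,
    datetime(2024-01-10 08:15:00), "Auth_NewCountryLogon", "alice",   "User", 3, 0.7,
    datetime(2024-01-10 09:40:00), "Mail_InboxRuleCreate", "alice",   "User", 4, 0.8,
    datetime(2024-01-10 10:05:00), "Auth_PasswordSpray",   "bob",     "User", 2, 0.6,
    datetime(2024-01-10 11:30:00), "Proc_LolbinExec",      "ws-0421", "Host", 3, 0.5
];
// Constructed asset/identity context. In production this would come from a
// watchlist (e.g. _GetWatchlist('HighValueAssets')) or an enrichment table.
let AssetWeight = datatable(Entity:string, AssetMultiplier:real)
[
    "alice", 2.0,   // privileged admin account
    "dc01",  3.0    // domain controller
];
RiskEvents
// In a live analytics rule this would be: where TimeGenerated > ago(lookback)
| where TimeGenerated > datetime(2024-01-10 08:00:00) - lookback
| lookup kind=leftouter AssetWeight on Entity
| extend AssetMultiplier = coalesce(AssetMultiplier, 1.0)
// Per-event score: impact scaled to 10-50, discounted by the rule's
// confidence, multiplied up for sensitive assets or identities.
| extend RiskScore = Impact * 10 * Confidence * AssetMultiplier
| summarize TotalRisk     = sum(RiskScore),
            DistinctRules = dcount(RuleName),
            Rules         = make_set(RuleName),
            FirstSeen     = min(TimeGenerated),
            LastSeen      = max(TimeGenerated)
          by Entity, EntityType
// Fire only when independent detections stack on one entity; a single
// medium-confidence hit never reaches the threshold on its own.
| where TotalRisk >= alertThreshold and DistinctRules >= 2
| order by TotalRisk desc
```

With the constructed data only "alice" is surfaced: three distinct rules contribute 24 + 42 + 64 = 130 after the privileged-account multiplier, while "bob" and "ws-0421" each carry a single low score and stay below the threshold. The DistinctRules guard is deliberate: one noisy rule firing repeatedly should raise a tuning ticket, not an incident, and requiring corroboration from a second detection is what keeps the aggregated alert worth an analyst's time.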
Join our live conversation bi-weekly on Thursdays! You only have to register once:
➡️ Register Here
About Detection Engineering Dispatch
Detection Engineering Dispatch is a live series featuring open discussions and live case studies with security operations teams at leading companies on what it takes to build a great detection engineering program. Join your peers to share knowledge, deep dive into technical best practices, and engage in discussions relevant to the detection engineering community.