microsoft sentinel
Microsoft Sentinel -- Azure OpenAI Incident Response Playbook
In a previous blog post, I discussed how the integration of ChatGPT and Microsoft Sentinel can simplify the incident handling process. As part of my ongoing exploration of AI-driven incident handling, I recently played with Azure OpenAI and discovered new possibilities for enhancing my previous work. I decided to integrate Azure OpenAI into my existing setup.
Microsoft Sentinel customizable machine learning based anomalies is Generally Available
Security analysts can use anomalies to reduce investigation and hunting time, as well as detect new and emerging threats. Typically, these benefits come at the cost of a high benign positive rate, but Microsoft Sentinel's customizable anomaly models are tuned by our data science team and trained with the data in your Microsoft Sentinel workspace to reduce that rate, providing out-of-the-box value. If security analysts need to tune them further, the process is simple and requires no knowledge of machine learning. In this blog, we will discuss how customizable machine learning-based anomalies have improved since Public Preview. Anomalies have their own tab on the Analytics blade!