🔥 3-day streak
Microsoft Security Operations Analyst138 / 190
Question 138 of 190

Your SOC has enabled several built-in Microsoft Sentinel machine learning-based anomaly rules from the Anomalies blade. Analysts report that one anomaly rule for 'Anomalous login by user' is generating too many results during normal business hours, but you want to keep the underlying model active so you can validate a tuned version before replacing the original. What is the correct approach in Microsoft Sentinel to adjust the rule's sensitivity while comparing results against the original?

Reviewed for accuracy · Report an issueNext question