🔥 3-day streak
Microsoft Security Operations Analyst159 / 190
Question 159 of 190

Your SOC uses Microsoft Sentinel with data connectors for Microsoft Entra ID, Microsoft Defender for Cloud Apps, and a third-party firewall via CEF. You want Sentinel to automatically detect advanced multistage attacks by correlating low-fidelity anomalous activities across these different data sources into a single high-confidence incident, without you having to author correlation logic. Which analytics rule type should you enable?

Reviewed for accuracy · Report an issueNext question