🔥 3-day streak
Microsoft Security Operations Analyst170 / 190
Question 170 of 190

Your SOC needs an analytics rule in Microsoft Sentinel that alerts on a specific suspicious sign-in pattern within a single event as quickly as possible. The detection logic evaluates a single record and does not require correlation across multiple events or a time-window aggregation. The team wants the shortest possible detection latency without building a Logic App. Which analytics rule type should you configure?

Reviewed for accuracy · Report an issueNext question