
Network Threat Protection Essentials

Microsoft Sentinel, Microsoft Corporation


Note: Please refer to the following before installing the solution:

• Review the solution Release Notes

• There may be known issues pertaining to this solution; review them before installing.

The Network Threat Protection Essentials solution contains queries that identify suspicious network behavior based on various data sources ingested into Sentinel. The solution contains queries to detect common network-based attacks, such as malicious user agents, connections to mining pools, and Base64-encoded IPv4 addresses in request URLs. The solution will be updated regularly to add more detection and hunting queries as well as other Sentinel content.
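The following KQL query is an added illustration of one of the detection ideas named above (a Base64-encoded IPv4 address hidden in a request URL); it is not one of the solution's own analytic rules or hunting queries. It runs against a constructed `datatable` of sample requests so it can be pasted into any Log Analytics workspace as-is; the table name `SampleRequests` and its columns are assumptions, and in practice you would replace the `datatable` with the log table your connector populates (for example `CommonSecurityLog` with `RequestURL`).

```kql
// Added example, not part of the Network Threat Protection Essentials solution.
// Constructed sample data (assumption): three web requests, one of which carries
// "192.168.1.10" Base64-encoded in a query-string parameter.
let SampleRequests = datatable(TimeGenerated:datetime, SourceIP:string, RequestURL:string)
[
    datetime(2024-01-01 10:00:00), "10.0.0.5", "http://example.com/index.html",
    datetime(2024-01-01 10:00:05), "10.0.0.5", "http://example.com/cb?d=MTkyLjE2OC4xLjEw",
    datetime(2024-01-01 10:00:09), "10.0.0.7", "http://example.com/search?q=helloworldlongerterm"
];
SampleRequests
// Pull every run of Base64 alphabet characters (8 or more, optional padding)
// out of the URL as a candidate token.
| extend Base64Candidates = extract_all(@"([A-Za-z0-9+/]{8,}={0,2})", RequestURL)
| mv-expand Candidate = Base64Candidates to typeof(string)
// Decode each candidate; invalid Base64 decodes to an empty string and is dropped
// by the regex check below.
| extend Decoded = base64_decode_tostring(Candidate)
| where Decoded matches regex @"^(\d{1,3}\.){3}\d{1,3}$"
// Flag whether the hidden address points at internal space, which is a useful
// triage hint (internal reconnaissance/C2 beacon vs. external destination).
| extend DecodedIP = Decoded, IsPrivateIP = ipv4_is_private(Decoded)
| project TimeGenerated, SourceIP, RequestURL, Candidate, DecodedIP, IsPrivateIP
```

Only the second sample row survives the filter (`DecodedIP` = 192.168.1.10, `IsPrivateIP` = true). The candidate regex deliberately over-matches long alphanumeric path and query tokens; relying on the decode-then-validate step rather than a stricter Base64 regex keeps the query cheap and avoids missing URL-safe or unpadded variants that a tighter pattern would reject.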

Pre-requisites:

This is a domain solution and does not include any data connectors. The content in this solution supports the connectors listed below. Install one or more of the listed solutions to unlock the value provided by this solution.

  1. Microsoft 365

  2. Amazon Web Services

  3. Windows Server DNS

  4. Azure Firewall

  5. Windows Forwarded Events

  6. ZScaler Internet Access

  7. Palo Alto Networks

  8. Fortinet FortiGate

  9. Check Point

Keywords: Malicious IP/User agent, DNS, TOR, mining

Analytic Rules: 2, Hunting Queries: 3

Learn more about Microsoft Sentinel | Learn more about Solutions