![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 53%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,268 questions
We are an MSSP and I'm sure these are the ones we spend a high proportion of our time on to fine-tune, but we have to make them work across 100s of customers, which may differ for your scenario.
I'd just say that you will probably need a watchlist for exclusions or have a playbook to handle exclusions, depending where you choose to do the optimization. We don't have a single strategy (apart from using a watchlist) as many needed bespoke work to fine-tune.