Security Monitoring Wisdom: Real-time alerts only make sense if you also plan to react in real time (e.g. fw block, disconnect systems). Otherwise the cost is too high. Better schedule a query that runs every 5 mins on the log data of the last 5 mins.
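The scheduled-query approach from the tweet, as an added example that is not from the tweet's author or any product: a rule runs every 5 minutes over the last 5 minutes of logs. Two details a practitioner cares about are shown that the tweet does not spell out: the window overlaps the previous one by a short lookback so late-arriving log lines are not missed, and a cooldown state prevents the same burst from alerting twice because of that overlap. The log format, the failed-login-burst rule, the threshold and the sample lines are all constructed for this example.

```python
"""Scheduled windowed detection over log data (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=5)    # how often the query runs and how far back it looks
LOOKBACK = timedelta(minutes=1)  # extra overlap so late-arriving log lines are still seen
THRESHOLD = 5                    # failed logins from one source within the window

# Constructed sample log lines: "<utc timestamp> src=<ip> user=<name> outcome=<fail|success>".
# The 09:54 line lies outside the first window and should be ignored by it.
SAMPLE_LOGS = """\
2024-05-01T09:54:10Z src=203.0.113.7 user=bob outcome=fail
2024-05-01T10:00:05Z src=203.0.113.7 user=alice outcome=fail
2024-05-01T10:00:40Z src=203.0.113.7 user=alice outcome=fail
2024-05-01T10:01:12Z src=198.51.100.9 user=carol outcome=success
2024-05-01T10:01:50Z src=203.0.113.7 user=admin outcome=fail
2024-05-01T10:02:30Z src=203.0.113.7 user=root outcome=fail
2024-05-01T10:03:05Z src=198.51.100.9 user=carol outcome=fail
2024-05-01T10:03:44Z src=203.0.113.7 user=alice outcome=fail
2024-05-01T10:04:30Z src=203.0.113.7 user=alice outcome=fail
"""


def parse_line(line: str) -> dict:
    """Parse one constructed 'ts key=value ...' line into a dict with a UTC datetime."""
    ts_str, *pairs = line.split()
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = ts
    return event


def events_in_window(events, end, window=WINDOW, lookback=LOOKBACK):
    """Return events with timestamp in (end - window - lookback, end].

    The lookback overlaps the previous run; the caller deduplicates alerts."""
    start = end - window - lookback
    return [e for e in events if start < e["ts"] <= end]


def failed_login_bursts(events, threshold=THRESHOLD):
    """Hypothetical rule: count failed logins per source IP, return those at/over threshold."""
    counts = defaultdict(int)
    for e in events:
        if e.get("outcome") == "fail":
            counts[e["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


def run_scheduled_query(raw_logs, now, state, cooldown=WINDOW):
    """One scheduled run at time `now`.

    `state` maps src -> time of the last alert for that source, so the window
    overlap does not produce a duplicate alert for the same burst."""
    events = [parse_line(l) for l in raw_logs.splitlines() if l.strip()]
    hits = failed_login_bursts(events_in_window(events, now))
    new_alerts = {}
    for src, n in hits.items():
        last = state.get(src)
        if last is not None and now - last < cooldown:
            continue  # already alerted on this burst in the previous overlapping window
        state[src] = now
        new_alerts[src] = n
    return new_alerts


def simulate(minutes, raw_logs=SAMPLE_LOGS):
    """Run the query at 10:<minute> UTC for each minute given, sharing one cooldown state."""
    state = {}
    return [
        run_scheduled_query(raw_logs, datetime(2024, 5, 1, 10, m, tzinfo=timezone.utc), state)
        for m in minutes
    ]


if __name__ == "__main__":
    for minute, alerts in zip((5, 6, 10), simulate([5, 6, 10])):
        print(f"run at 10:{minute:02d}Z -> {alerts}")
```

Run at 10:05 the source 203.0.113.7 trips the rule with six failures; a run at 10:06 sees the same six events again through the overlap but stays quiet thanks to the cooldown, and by 10:10 the burst has left the window entirely. Adjust `WINDOW`, `LOOKBACK` and `cooldown` together: the lookback must cover the log pipeline's delivery delay, and the cooldown must be at least as long as the overlap.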
With @WindowsATP you get both real-time detection with a sliding window that runs back hours, not 5-min... and you also get non-real-time detections running in parallel with a sliding window of months. What’s the part you are still missing?