Azure Sentinel (now Microsoft Sentinel)

Owned by Roger Cruz, created
Last updated: Dec 25, 2021
1 min read

 

Intro

Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response.

Documentation

 

Tips and Tidbits

  • Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.

  • Detect previously undetected threats, and minimize false positives using Microsoft's analytics and unparalleled threat intelligence.

  • Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.

  • Respond to incidents rapidly with built-in orchestration and automation of common tasks.

  • Microsoft Sentinel natively incorporates proven foundations, like Log Analytics, and Logic Apps.

  • After you connected your data sources to Microsoft Sentinel, you can monitor the data using the Microsoft Sentinel integration with Azure Monitor Workbooks, which provides versatility in creating custom workbooks.