Overview

Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

Getting Started

  1. 12/17/2019, Video, 0:04:00
    In this edition of Azure Tips and Tricks, you'll learn what Azure Sentinel is and how to use it. Azure Sentinel provides a threat detection and mitigation service that helps...
  2. 11/5/2019, Video, 0:45:00
    As the value of digital information increases, so do the number and sophistication of cyberattacks. Traditional SIEM products are failing to protect today's infrastructure...

Learning

Learning Paths

AZ-400: Develop an instrumentation strategy
Published: 6/25/2020, Length: 9:41:00
Develop an effective instrumentation strategy through logging, telemetry, and monitoring and prepare for Exam AZ-400: Designing and Implementing Microsoft DevOps Solutions.
Cloud-native security operations with Azure Sentinel
Published: 12/17/2020, Length: 6:19:00
This learning path describes basic architecture, core capabilities, and primary use cases of its products. You'll also learn about differences and get familiar with Azure Sentinel, a cloud-native, security information and event management (SIEM) service.
SC-200 part 4: Create queries for Azure Sentinel using Kusto Query Language (KQL)
Published: 1/25/2021, Length: 2:03:00

Learning Modules

Deploy Azure Sentinel and connect data sources
Published: 9/21/2020, Length: 0:50:00
Introduction to Azure Sentinel
Published: 9/21/2020, Length: 0:29:00
Design a holistic monitoring strategy on Azure
Published: 12/3/2019, Length: 0:57:00
Describe security capabilities of Azure Sentinel
Published: 1/19/2021, Length: 0:18:00

Azure Sentinel News

5/19/2022, MS Tech Community
Compliance means different things to different organizations. There is a need to modernize compliance to factor for dynamic changes in cloud workloads while monitoring configuration drift and...
5/19/2022, MS Tech Community
Final Update: Thursday, 19 May 2022 12:17 UTC. We've confirmed that all systems are back to normal with no customer impact as of 05/19, 11:20 UTC. Our logs show the incident started on 05/19, 08:25...
5/18/2022, MS Tech Community
There is a resurgence of interest and renewed priority to transform core enterprise systems. This resurgence is largely driven by rapidly shifting workforce dynamics such as retirement, the...
5/18/2022, MS Tech Community
Microsoft 365 Defender Streaming API: Identity and CloudApp events now in General Availability. We're happy to share that Microsoft 365 Defender Streaming API support for the following event...
5/17/2022, MS Tech Community
Hello! I’m Sue Bohn, Microsoft Vice President of Program Management for Identity and Network Access. In this Voice of the ISV blog post, Jeremy Goldstein, Product Marketing Manager, and David...
5/16/2022, MS Tech Community
The Microsoft Sentinel: NIST SP 800-53 Solution enables compliance teams, architects, security analysts, and consultants to understand their cloud security posture related to Special Publication...
5/15/2022, MS Tech Community
Final Update: Sunday, 15 May 2022 13:56 UTC. We've confirmed that all systems are back to normal with no customer impact as of 05/15, 13:15 UTC. Our logs show the incident started on 05/15, 12:40...
5/15/2022, MS Tech Community
When triaging or investigating an incident, the context of the entirety of incidents in your SOC can be extremely useful. Other incidents involving the same entities for example can represent...
5/13/2022, MS Tech Community
This blog was authored in collaboration with @Inwafula. In recent years, cloud computing has grown in leaps and bounds due to its flexibility and agility in supporting business goals. Not...
5/12/2022, MS Tech Community
We continue to expand the Azure Marketplace ecosystem. For this volume, 92 new offers successfully met the onboarding criteria and went live. See details of the new offers below: Get it now...
5/12/2022, MS Tech Community
How do you handle threat indicators in your workloads? Threat intelligence indicators are often the trigger for incident response investigations, yet many organizations struggle to ingest and...
5/11/2022, MS Tech Community
Over a year ago, we first announced the integration between Microsoft Sentinel and Microsoft 365 Defender as part of the Microsoft SIEM and XDR story. Combining the breadth of a SIEM with the...
5/10/2022, MS Tech Community
In December 2021 Microsoft announced its new solution for continuous monitoring for GitHub using Microsoft Sentinel. GitHub allows you to host, manage, and control different versions of software...
4/29/2022, MS Tech Community
Companies performing workloads that utilize high-performance computing (HPC) are full of some of the brightest minds out there and are tackling the world’s most challenging problems. We see the...
4/29/2022, MS Tech Community
Thanks to @Chi_Nguyen and @Patrick_Goudjo_Ako for help on creating and fine-tuning playbook actions and blog! Watchlists in Microsoft Sentinel allow you to correlate data from a data source you...
4/28/2022, MS Tech Community
Since its first release in 2020, the Microsoft Sentinel Cybersecurity Maturity Model Certification workbook has remained one of the most consumed Sentinel content packages in Azure...
4/27/2022, MS Tech Community
We continue to expand the Azure Marketplace ecosystem. For this volume, 118 new offers successfully met the onboarding criteria and went live. See details of the new offers below: Get it...
4/26/2022, MS Tech Community
Are you interested in maturing your security operations center capabilities? Do you need to align your cloud, multi-cloud, on-premises, and hybrid workloads for CMMC 2.0 compliance? We are...
4/20/2022, MS Tech Community
We continue to expand the Azure Marketplace ecosystem. For this volume, 134 new offers successfully met the onboarding criteria and went live. See details of the new offers below: Get it...
4/19/2022, MS Tech Community
Become an Insider Risk Management Ninja. Insider Risk Management is a solution in Microsoft Purview. Some assets and past recordings may refer to it as Insider Risk Management in Microsoft 365...