Microsoft Sentinel is a cloud-based SIEM (security information event management) solution that offers advanced intelligence tools across the organizations to secure the cloud and on-premises resources. The core offering of the Microsoft Sentinel revolves around collecting data at scale while detecting the threat in real-time using artificial intelligence to hunt the suspicious activities, ultimately performing actions to either remediate based on the preconfigured actions or provide a response plan to the security teams in an organization.
In this lab, you will create a Microsoft Sentinel workspace and connect it with log analytics workspace using Data Connectors to review and capture log incidents.
Upon completion of this beginner-level lab, you will be able to:
Familiarity with the following will be beneficial but is not required:
The following content can be used to fulfill the prerequisite:
June 4th, 2024 - Resolved deployment issue
June 27th, 2023 - Updated screenshots and instructions to reflect UI
30 Nov, 2022: Rebranded the lab to Microsoft Sentinel rename.