Introduction to Microsoft Sentinel
Description
Microsoft Sentinel is a cloud-based SIEM (security information and event management) solution that provides security analytics and threat intelligence across an organization's cloud and on-premises resources. Its core capabilities are collecting data at scale, detecting threats in real time, hunting for suspicious activity with AI-assisted analytics, and responding either automatically through preconfigured actions or by providing a response plan to the organization's security team.
In this lab, you will create a Microsoft Sentinel workspace, connect it to a Log Analytics workspace, and use Data Connectors to capture log data and review the incidents generated from it.
Learning Objectives
Upon completion of this beginner-level lab, you will be able to:
- Onboard Azure VM to Log Analytics Workspace
- Create and understand Microsoft Sentinel resource
- Review Data Connectors and enable Syslog collection
Intended Audience
- Candidates for AZ-500 Azure Security Engineer Exam
- Cloud Architects
- Data Engineers
- DevOps Engineers
- Security Engineers
- Software Engineers
Prerequisites
Familiarity with the following will be beneficial but is not required:
- Azure Virtual Machines
- Log Analytics Workspace
The following content can be used to fulfill the prerequisites:
Updates
June 4th, 2024 - Resolved deployment issue
June 27th, 2023 - Updated screenshots and instructions to reflect UI
November 30th, 2022 - Rebranded the lab to reflect the rename to Microsoft Sentinel