Microsoft Sentinel is a cloud-based SIEM (security information and event management) solution that offers advanced intelligence tools across an organization to secure both cloud and on-premises resources. The core offering of Microsoft Sentinel revolves around collecting data at scale, detecting threats in real time, using artificial intelligence to hunt for suspicious activity, and then either remediating automatically through preconfigured actions or providing a response plan to the organization's security teams.
When deploying new resources in the cloud, securing them is as crucial as keeping them highly available for production use. Whether it's a simple DDoS attack or a complex privilege escalation attack, Microsoft Sentinel gives you the visibility to detect and respond to the attack before it's too late. Understanding how SIEM tools work and leveraging them fully can be a significant differentiator for your job role and skills.
In this hands-on lab, you will learn how to identify, capture, and generate incidents for security events and potential attacks using Microsoft Sentinel.
Upon completion of this intermediate-level lab, you will be able to:
Familiarity with the following will be beneficial but is not required:
The following content can be used to fulfill the prerequisite:
July 30th, 2025 - Updated the instructions and screenshots to reflect the latest UI
July 25th, 2024 - Resolved onboarding workspace issue
June 24th, 2024 - Updated the instructions and screenshots to reflect the latest UI
September 5th, 2023 - Resolved data connector issue
June 27th, 2023 - Updated the instructions and screenshots to reflect the latest UI
January 25th, 2023 - Updated the instructions and screenshots to reflect the latest UI
November 29th, 2022 - Rebranded Sentinel to reflect the new name: Microsoft Sentinel