Sentinel technologies

Microsoft Sentinel is a scalable, cloud-native solution that provides:

Security information and event management (SIEM)
Security orchestration, automation, and response (SOAR)

Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise. With Microsoft Sentinel, you get a single solution for attack detection, threat visibility, proactive hunting, and threat response.

Microsoft Sentinel has built-in connectors to the broader security and applications ecosystems for non-Microsoft solutions. You can also use Common Event Format, Syslog, or a REST API to connect your data sources with Microsoft Sentinel. For more information, see Find your data connector.

Create interactive reports by using workbooks

After you onboard to Microsoft Sentinel, monitor your data by using the integration with Azure Monitor workbooks. Workbooks display differently in Microsoft Sentinel than in Azure Monitor, but it may be useful for you to see how to create a workbook in Azure Monitor.

Microsoft Sentinel allows you to create custom workbooks across your data. Microsoft Sentinel also comes with built-in workbook templates to allow you to quickly gain insights across your data as soon as you connect a data source. Workbooks are intended for SOC engineers and analysts of all tiers to visualize data. Workbooks are best used for high-level views of Microsoft Sentinel data, and don't require coding knowledge. But you can't integrate workbooks with external data.

Correlate alerts into incidents by using analytics rules

To help you reduce noise and minimize the number of alerts you have to review and investigate, Microsoft Sentinel uses analytics to correlate alerts into incidents. Incidents are groups of related alerts that together indicate an actionable possible threat that you can investigate and resolve. Use the built-in correlation rules as-is, or use them as a starting point to build your own. Microsoft Sentinel also provides machine learning rules to map your network behavior and then look for anomalies across your resources. These analytics connect the dots by combining low-fidelity alerts about different entities into potential high-fidelity security incidents.

Automate and orchestrate common tasks by using playbooks

Automate your common tasks and simplify security orchestration with playbooks that integrate with Azure services and your existing tools. Microsoft Sentinel's automation and orchestration solution provides a highly extensible architecture that enables scalable automation as new technologies and threats emerge. To build playbooks with Azure Logic Apps, you can choose from a growing gallery of built-in playbooks. These include 200+ connectors for services such as Azure Functions.
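The analytics-rules section above describes the core idea of alert correlation: low-fidelity alerts that share entities (an account, a host, an IP) and fall close together in time are grouped into one higher-fidelity incident. The following added example is not Microsoft Sentinel code and not taken from the page; it is a small, self-contained Python model of that grouping logic, written to show what "connecting the dots" means mechanically. The alert records, entity names, time window and the `correlate` / `fidelity` helpers are all constructed assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample alerts (not real Sentinel data). Each alert is a
# low-fidelity signal that names one or more entities. On its own, none of
# them justifies an investigation; together they might.
SAMPLE_ALERTS = [
    {"id": "a1", "time": "2024-05-01T10:00:00", "rule": "Multiple failed sign-ins",
     "entities": {"account": "alice", "ip": "203.0.113.5"}},
    {"id": "a2", "time": "2024-05-01T10:04:00", "rule": "Sign-in from unfamiliar location",
     "entities": {"account": "alice", "ip": "203.0.113.5"}},
    {"id": "a6", "time": "2024-05-01T10:10:00", "rule": "Outbound connection to rare destination",
     "entities": {"host": "ws-07", "ip": "192.0.2.7"}},
    {"id": "a3", "time": "2024-05-01T10:20:00", "rule": "Suspicious PowerShell",
     "entities": {"account": "alice", "host": "ws-07"}},
    {"id": "a4", "time": "2024-05-01T15:00:00", "rule": "Multiple failed sign-ins",
     "entities": {"account": "bob", "ip": "198.51.100.9"}},
    {"id": "a5", "time": "2024-05-02T09:00:00", "rule": "Suspicious PowerShell",
     "entities": {"account": "alice", "host": "ws-07"}},
]


def correlate(alerts, window=timedelta(hours=1), min_alerts=2):
    """Group alerts into incidents by shared entity within a time window.

    An alert joins every open incident that shares at least one (type, value)
    entity pair with it and whose latest alert is no older than `window`.
    When one alert bridges several incidents, those incidents are merged,
    because the alert proves they concern the same activity.
    Groups smaller than `min_alerts` are left as stand-alone alerts.
    """
    ordered = sorted(alerts, key=lambda a: a["time"])
    incidents = []  # each: {"alerts": [alert dicts], "entities": set, "last": datetime}

    for alert in ordered:
        t = datetime.fromisoformat(alert["time"])
        ents = set(alert["entities"].items())

        matches = [inc for inc in incidents
                   if inc["entities"] & ents and t - inc["last"] <= window]

        if not matches:
            inc = {"alerts": [], "entities": set(), "last": t}
            incidents.append(inc)
        else:
            # Merge any additional matching incidents into the first one.
            inc = matches[0]
            for other in matches[1:]:
                inc["alerts"].extend(other["alerts"])
                inc["entities"] |= other["entities"]
                incidents.remove(other)

        inc["alerts"].append(alert)
        inc["entities"] |= ents
        inc["last"] = t

    return [inc for inc in incidents if len(inc["alerts"]) >= min_alerts]


def fidelity(incident):
    """Number of distinct rules that fired: more independent signals about
    the same entities means a higher-confidence incident."""
    return len({a["rule"] for a in incident["alerts"]})


def summarize(alerts):
    """Return a compact, test-friendly view of the correlated incidents."""
    out = []
    for inc in correlate(alerts):
        out.append({
            "alert_ids": sorted(a["id"] for a in inc["alerts"]),
            "entity_count": len(inc["entities"]),
            "distinct_rules": fidelity(inc),
        })
    return out


if __name__ == "__main__":
    for inc in summarize(SAMPLE_ALERTS):
        print(inc)
```

Walking the sample data through: a1 and a2 share the account and IP and open one incident; a6 mentions only a host and a second IP, so it starts a separate group; a3 names both the account and the host, so it bridges the two groups and they merge into one incident with four alerts from four different rules. a4 concerns a different user and a5 arrives the next morning, outside the one-hour window, so both remain isolated alerts. The window and the merge rule are the two knobs that decide how much noise is collapsed and how much gets over-grouped; a real analytics rule exposes the same trade-off through its grouping settings.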