Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution. Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
The Kusto Query Language (KQL) is a powerful tool to explore your data, discover patterns and identify anomalies. It's a simple yet powerful language to query structured, semi-structured, and unstructured data. The language is expressive, easy to read and understand, and optimized for authoring experiences. Kusto Query Language is optimal for querying telemetry, metrics, and logs.
Sentinel collects data from a wide variety of security tools: Microsoft Defender products, Entra ID, Azure logs and lots of third-party firewall solutions. By analyzing all this data and identifying possible security breaches and suspicious activities, Sentinel helps you identify threats that need investigation. Because Sentinel collects data from so many sources, it is much easier for a security admin to understand the full attack story and take appropriate action.
To stay ahead of increasingly sophisticated attacks, organizations need centralized visibility and intelligent threat detection. Microsoft Sentinel is a cloud-native SIEM and SOAR solution that collects data across your environment — from users and devices to apps and infrastructure — and uses built-in analytics, threat intelligence, and automation to detect, investigate, and respond to threats at scale. With Sentinel, you gain actionable insights and the ability to respond to incidents faster and more effectively.
This course is intended for system administrators and security specialists responsible for securing and analyzing the cloud IT environment.