Microsoft Sentinel: Threat Detection and Response

1 day
UCSECA4
Upcoming Sessions

Date: currently not scheduled

Format: Classroom

Price: 0€


Date: currently not scheduled

Format: Remote Classroom

Price: 0€


Subscribe to waiting list

Interested in a private company training? Request it here.

Microsoft Sentinel

Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

  • Microsoft Sentinel Overview and Pricing
  • Activate Microsoft Sentinel
  • Onboard Security Sources: Data Connectors and Content Hub
  • Threat Intelligence
  • Watchlists
  • User and Entity Behavior Analytics (UEBA)
  • LAB: Microsoft Sentinel

Kusto Query Language

The Kusto Query Language (KQL) is a powerful tool to explore your data, discover patterns and identify anomalies. It's a simple yet powerful language to query structured, semi-structured, and unstructured data. The language is expressive, easy to read and understand, and optimized for authoring experiences. Kusto Query Language is optimal for querying telemetry, metrics, and logs.

  • Kusto Query Language
  • Writing Basic Log Queries
  • Filter Data
  • Aggregate Data
  • LAB: Kusto Query Language

Microsoft Sentinel Incident Investigation and Threat Hunting

Sentinel collects data from a wide variety of security tools: Microsoft Defender products, Entra ID, Azure logs, and lots of third-party firewall solutions. By analyzing all this data and identifying possible security breaches and suspicious activities, Sentinel helps you identify threats that need investigation. Because Sentinel collects data from so many sources, it is a lot easier for a security admin to understand the full attack story and take appropriate action.

  • Sentinel Analytics and Investigation
  • Security Orchestration Automation: Automation Rules and Playbooks
  • Threat Hunting
  • Workbooks and Notebooks
  • LAB: Microsoft Sentinel Incident Investigation and Threat Hunting

To stay ahead of increasingly sophisticated attacks, organizations need centralized visibility and intelligent threat detection. Microsoft Sentinel is a cloud-native SIEM and SOAR solution that collects data across your environment — from users and devices to apps and infrastructure — and uses built-in analytics, threat intelligence, and automation to detect, investigate, and respond to threats at scale. With Sentinel, you gain actionable insights and the ability to respond to incidents faster and more effectively.

This course is intended for system administrators and security specialists responsible for securing and analyzing the cloud IT environment.

Contact Us
  • Address:
    U2U nv/sa
    Z.1. Researchpark 110
    1731 Zellik (Brussels)
    BELGIUM
  • Phone: +32 2 466 00 16
  • Email: info@u2u.be
  • Monday - Friday: 9:00 - 17:00
    Saturday - Sunday: Closed
© 2026 U2U All rights reserved.