The Fundamentals, How to Ingest Data, Setting up Workbooks, Using Playbooks, Compromise Indicators, and more!
First, devices and services need to start streaming their data into Microsoft Sentinel via Data Connectors. Technically, the data flows into Azure Log Analytics. Workbooks are used to visualize the data, potential issues, and trends, and they help you build specific queries. These queries can in turn be used to create rules, called analytics. After creating analytic rules, you start to see Incidents and can run automated actions via Playbooks. When analyzing Incidents, you can leave a trail of Bookmarks to flag interesting or anomalous data for follow-up and to discover other areas that may be affected. Finally, after gaining experience, you can go Hunting for threats.
Download our Deep Dive into Microsoft Sentinel eGuide to learn more!