Lab Challenge

Azure Sentinel Incident Triage Challenge

Push your skills to the next level in a live environment

Lab Steps

Azure Sentinel Incident Triage Challenge
Start Lab Challenge


Time Limit

1h 30m



About Lab Challenges

Lab challenges are hands-on labs with the gloves off. You jump into an auto-provisioned cloud environment and are given a goal to accomplish. No instructions, no hints. To pass, you'll have a limited time to demonstrate your problem-solving skills and get the checks that inspect the state of your lab environment.

Challenge Description

Azure Sentinel (Microsoft Sentinel) is a cloud-based SIEM (security information event management) solution that offers advanced intelligence tools across organizations to secure the cloud and on-premises resources. 

This lab challenge assumes familiarity with the following concepts: 

  • Understanding of Azure Sentinel offering
  • Understanding Sentinel incidents, data connectors, analytic rules, and log query editor

If you are unfamiliar with any of the above, Cloud Academy recommends completing the labs mentioned in the prerequisites before attempting this lab challenge.

This hands-on lab challenge will test your practical ability to interact with the Azure Sentinel to satisfy a set of requirements in a production-like Azure environment. You will be presented with a task and set of requirements you must fulfill to pass the challenge.

This is a real environment, which means you can prove your knowledge in an applied way, substituting multiple-choice questions for a dynamic performance-based exam situation.


January 24th, 2023 - Resolved an issue causing an excessive delay in data being reported in Sentinel

What will be assessed

  • Azure Sentinel
  • Azure Log Analytics

Intended audience

  • Candidates for Azure Security Engineer (AZ-500)
  • Cloud Architects
  • DevOps Engineers


  • Introduction to Azure Sentinel
  • Investigating Security Events using Azure Sentinel
About the Author
Learning paths2

Parveen is an Azure advocate with previous experience in the professional consulting services industries. He specializes in infrastructure and DevOps with a wide range of knowledge in security and access management. He is also an Azure Certified - DevOps Engineer Expert, Security Engineer, Developer Associate, Administrator Associate, CompTIA Certified - Network+, Security+, and AWS Cloud Practitioner.
Parveen enjoys writing about cloud technologies and sharing the knowledge with the community to help students upskill in the cloud.