Microsoft Sentinel is a cloud-based SIEM (security information and event management) solution that offers advanced intelligence tools across the organization to secure cloud and on-premises resources. Its core offering revolves around collecting data at scale and detecting threats in real time, using artificial intelligence to hunt for suspicious activity, and ultimately either remediating through preconfigured actions or providing a response plan to the organization's security teams.
In this lab, you will create a Microsoft Sentinel workspace and connect it with a Log Analytics workspace using Data Connectors to review and capture log incidents.
Upon completion of this beginner-level lab, you will be able to:
- Onboard an Azure VM to a Log Analytics Workspace
- Create and understand a Microsoft Sentinel resource
- Review Data Connectors and enable Syslog collection
This lab is intended for:
- Candidates for AZ-500 Azure Security Engineer Exam
- Cloud Architects
- Data Engineers
- DevOps Engineers
- Security Engineers
- Software Engineers
Familiarity with the following will be beneficial but is not required:
- Azure Virtual Machines
- Log Analytics Workspace
30 Nov, 2022: Rebranded the lab to reflect the Microsoft Sentinel rename.
Parveen is an Azure advocate with previous experience in the professional consulting services industry. He specializes in infrastructure and DevOps with a wide range of knowledge in security and access management. He is also an Azure Certified - DevOps Engineer Expert, Security Engineer, Developer Associate, Administrator Associate, CompTIA Certified - Network+, Security+, and AWS Cloud Practitioner.
Parveen enjoys writing about cloud technologies and sharing knowledge with the community to help students upskill in the cloud.