image
hands-on labUsing Watchlists in Microsoft Sentinel
Intermediate
1h
16
5/5
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab steps
Logging in to the Microsoft Azure Portal
Creating Watchlist in Microsoft Sentinel
Lab description

Microsoft Sentinel is an AI-powered security solution that delivers real-time threat detection and protection in large, complex environments. The solution is built on a unified platform, which allows organizations to correlate data from multiple sources and monitor their environments in real time. Sentinel uses machine learning and behavioral analytics to detect anomalies in network traffic and identify threats based on how they behave.

While it may be easy to get overwhelmed by all the information in Microsoft Sentinel, Watchlists help you stay on top of logs and proactively monitor them for relevant data. Watchlists are customized views that allow you to see specific information related to your organization. You can create watchlists of high-value assets and service accounts in your environment.

You will create a watchlist item in your Microsoft Sentinel workspace using Azure Portal in this hands-on lab.

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Create a watchlist in Microsoft Sentinel workspace
  • Understand the use case and query process of the watchlist data

Intended Audience

  • Candidates for Azure Security Engineer (AZ-500)
  • Cloud Architects
  • Data Engineers
  • DevOps Engineers
  • Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • Azure Log Analytics
  • Microsoft Sentinel

The following content can be used to fulfill the prerequisite:

Environment before
environment before preview
Environment after
environment after preview
About the author
Avatar
Parveen Singh
Cloud Lab Developer
Students
9846
Labs
75
Courses
1
Learning Paths
2

Parveen is an Azure advocate with previous experience in the professional consulting services industries. He specializes in infrastructure and DevOps with a wide range of knowledge in security and access management. He is also an Azure Certified - DevOps Engineer Expert, Security Engineer, Developer Associate, Administrator Associate, CompTIA Certified - Network+, Security+, and AWS Cloud Practitioner.
Parveen enjoys writing about cloud technologies and sharing the knowledge with the community to help students upskill in the cloud.

Covered topics