- Microsoft Sentinel is a cloud-native SIEM (security information and event management) and SOAR (security orchestration, automation, and response) solution.
- It offers a bird's-eye view across your enterprise: all connected data lands in a single Log Analytics workspace that analytics rules, hunting, and workbooks query.
- Sentinel is an intelligent security analytics and threat intelligence service that provides alert detection, threat visibility, proactive hunting, and threat response.
- Data connection methods in Sentinel: service-to-service integration (Microsoft and Azure sources such as Azure Activity or Microsoft Entra ID), external solutions via API, and external solutions via an agent (for example Syslog/CEF forwarded through an agent such as the Azure Monitor Agent).
- Microsoft Sentinel built-in Azure RBAC roles: Microsoft Sentinel Reader (view data, incidents, and workbooks), Microsoft Sentinel Responder (Reader plus managing incidents: assign, classify, close), and Microsoft Sentinel Contributor (Responder plus creating and editing analytics rules, workbooks, and other Sentinel resources). Running or editing playbooks additionally requires permissions on the underlying Logic Apps.
Threat Management
- Sentinel covers the full threat management loop: Collect (data connectors), Detect (analytics rules and built-in threat intelligence), Investigate (incidents and the investigation graph), and Respond (playbooks and automation rules).
- Quickly gain insights across your data with Microsoft Sentinel workbooks (formerly Azure Sentinel workbooks), interactive dashboards built on Azure Monitor workbooks.
- Investigate and resolve possible threats with incidents (groups of related alerts that share entities such as accounts, hosts, or IP addresses).
- You can automate tasks and simplify security orchestration using playbooks, which are Azure Logic Apps workflows triggered by an alert or an incident.
- Sentinel provides deep investigation tools, including an entity-based investigation graph, to find the root cause of a potential security threat.
- Hunting lets you proactively search your data with KQL (Kusto Query Language) queries before an analytics rule fires; findings can be bookmarked, attached to incidents, and useful queries promoted to scheduled analytics rules.
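The following hunting query is an added example, not from the original page or from Microsoft's built-in hunting content. It runs against the SigninLogs table that the Microsoft Entra ID (Azure AD) data connector populates and looks for a brute-force pattern: a source IP that fails many sign-ins and then succeeds. The lookback window, the failure threshold, and the use of ResultType 50126 (invalid credentials) and 0 (success) are assumptions you should tune for your tenant.

```kql
// Added example (not part of the original page): password-spray / brute-force hunt over SigninLogs.
// Assumptions: 1-day lookback, at least 10 failures per source IP,
// ResultType "50126" = invalid username or password, "0" = successful sign-in.
let lookback = 1d;
let failure_threshold = 10;
// Source IPs with a burst of failed sign-ins, plus the accounts they targeted.
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "50126"
    | summarize FailedAttempts = count(),
                TargetedUsers = make_set(UserPrincipalName, 50),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated)
      by IPAddress
    | where FailedAttempts >= failure_threshold;
// Successful sign-ins in the same window, keyed by source IP.
let successes = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project IPAddress, SuccessTime = TimeGenerated, CompromisedUser = UserPrincipalName;
// Only keep IPs that succeeded after their failure burst started.
failures
| join kind=inner successes on IPAddress
| where SuccessTime > FirstFailure
| project IPAddress, FailedAttempts, TargetedUsers, FirstFailure, LastFailure, SuccessTime, CompromisedUser
| order by FailedAttempts desc
```

Run it from Hunting > Queries (or Logs) in the Sentinel portal; once the threshold is tuned so it yields few false positives, save it as a scheduled analytics rule so each hit becomes an alert and incident instead of a manual search.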
Pricing
- Data retention in the Log Analytics workspace is free for the first 90 days; retention beyond 90 days is charged.
- You are charged for ingested data per GB, either pay-as-you-go or through a commitment tier that discounts the rate in exchange for a fixed daily ingestion volume.
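Because billing is per GB ingested, the first check a practitioner wants is which tables are driving volume. The query below is an added example (not from the original page) against the Usage table that every Log Analytics workspace maintains; the 30-day window is an assumption.

```kql
// Added example (not part of the original page): billable ingestion per table.
// Usage.Quantity is reported in MB, so divide by 1024 for GB.
// IsBillable == false covers free data types (for example Azure Activity), which are excluded here.
Usage
| where TimeGenerated > ago(30d)          // assumed window; adjust as needed
| where IsBillable == true
| summarize IngestedGB = round(sum(Quantity) / 1024, 2) by DataType
| order by IngestedGB desc
```

Tables at the top of this list (typically verbose sources such as Syslog, CommonSecurityLog, or SecurityEvent) are where filtering at the connector or data collection rule pays off; compare the daily total against your commitment tier before changing it.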
Microsoft Defender for Cloud vs Microsoft Sentinel:
https://tutorialsdojo.com/azure-security-center-vs-azure-sentinel/
Sources:
https://docs.microsoft.com/en-us/azure/sentinel/overview
https://azure.microsoft.com/en-in/services/microsoft-sentinel/