- A cloud-native SIEM and SOAR solution.
- It offers a birds-eye view across your enterprise.
- Sentinel is an intelligent security analytics and threat intelligence service that provides alert detection, threat visibility, proactive hunting, and threat response.
- Data connection methods in Sentinel: Service to service integration, External solutions via API, and External solutions via an agent.
- Microsoft Sentinel roles: Reader, Responder, and Contributor.
- Sentinel provides the following features: Collect, Detect, Investigate, and Respond.
- Quickly gain insights across your data with Azure Sentinel Workbooks.
- Investigate and resolve possible threats with incidents (groups of related alerts).
- You can automate tasks and simplify security orchestration using playbooks.
- Sentinel provides deep investigation tools to find the root cause of a potential security threat.
- Hunting allows you to find issues in your data.
- Data retention is charged after 90 days.
- You are charged for the ingested data (per GB).
Microsoft Defender for Cloud vs Microsoft Sentinel:
What is Microsoft Sentinel and Why You Should Care
Want to learn more about Azure? Watch the official Microsoft Azure YouTube channel’s video series called Azure Tips and Tricks.