Azure Sentinel

• A cloud-native SIEM and SOAR solution.
• It offers a birds-eye view across your enterprise.
• Sentinel is an intelligent security analytics and threat intelligence service that provides alert detection, threat visibility, proactive hunting, and threat response.
• Data connection methods in Sentinel: Service to service integration, External solutions via API, and External solutions via an agent.
• Azure Sentinel roles: Reader, Responder, and Contributor.

Threat Management

• Sentinel provides the following features: Collect, Detect, Investigate, and Respond.

• Quickly gain insights across your data with Azure Sentinel Workbooks.
• Investigate and resolve possible threats with incidents (groups of related alerts).
• You can automate tasks and simplify security orchestration using playbooks.
• Sentinel provides deep investigation tools to find the root cause of a potential security threat.
• Hunting allows you to find issues in your data.

Pricing

• Data retention is charged after 90 days.
• You are charged for the ingested data (per GB).

Azure Security Center vs Azure Sentinel:
https://tutorialsdojo.com/azure-security-center-vs-azure-sentinel/

What is Azure Sentinel and Why You Should Care

Want to learn more about Azure? Watch the official Microsoft Azure YouTube channel’s video series called Azure Tips and Tricks.

Sources:
https://docs.microsoft.com/en-us/azure/sentinel/overview
https://azure.microsoft.com/en-in/services/azure-sentinel/