Azure Sentinel Resource Terminus – board here!

Introduction


This article is a collection of resources for Azure Sentinel designed to get you up and running with the service as quickly as possible. It is organized by broad topic area to allow you to navigate quickly to your area of interest. Most topics are broken down into groups of related articles.




 


Most of the resources in this article are listed in tables with a short title and a link to the resource. The final two columns in each table show the type of resource and whether the topic is relatively advanced or specialized.


 





















Resource types used in the tables: Blog, Azure Document, GitHub Location, Video/Webinar.

Advanced articles are indicated with an A in the final column.


 


Note: many of the video/webinar links have a companion deck. You can view the full list on the Security Community Webinars page (linked under Other Resources below).




Overview


 


If you are new to Azure Sentinel or need a refresher on the core components you should read this overview document.


https://docs.microsoft.com/en-us/azure/sentinel/overview


 


If you find terms in this document that you are not familiar with, you should refer back to the Azure Sentinel Overview to clarify them.


 


This webinar is also a useful, more technical overview of Azure Sentinel features:


Azure Sentinel webinar: Understanding Azure Sentinel features and functionality deep dive – YouTube 


 


Azure Sentinel Community and Contributing


You can contribute detections, hunting queries, workbooks, Jupyter notebooks and playbooks to the Azure Sentinel user community. Find out more about this here:


https://github.com/Azure/Azure-Sentinel/wiki


 


The Wiki is part of the Azure Sentinel GitHub, which is the central repository for Microsoft and community contributions to Azure Sentinel: https://github.com/Azure/Azure-Sentinel


 


Creating Your Azure Sentinel Workspace


 


Most of you reading this will have already set up your Workspace. If not, here is a quick introduction:


https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard


 


Automating Azure Sentinel Setup


Even though this article is focused on setting up a lab environment, it contains a lot of information about automating workspace creation and configuration with Azure Resource Manager (ARM) templates.


https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-to-go-sentinel-lab-w-prerecorded-data-amp-a/ba-p/1260191


 


Other Azure Sentinel Design and Deployment Articles


These articles are all relatively advanced topics.

Resource | Link | Type | Advanced
Cloud & on-prem architecture | https://youtu.be/_mm3GNwPBHU | Video/Webinar | A
Managing multiple tenants with Azure Lighthouse | https://techcommunity.microsoft.com/t5/azure-sentinel/using-azure-lighthouse-and-azure-sentinel-to-monitor-across/ba-p/1043899 | Blog | A
Architect your Sentinel deployment | https://techcommunity.microsoft.com/t5/azure-sentinel/best-practices-for-designing-an-azure-sentinel-or-azure-security/ba-p/832574 | Blog | A
Running Sentinel alongside Splunk | https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-side-by-side-with-splunk/ba-p/1211266 | Blog | A
Table-level role based access control | https://techcommunity.microsoft.com/t5/azure-sentinel/table-level-rbac-in-azure-sentinel/ba-p/965043 | Blog | A
Deploying and managing Azure Sentinel as code | https://techcommunity.microsoft.com/t5/azure-sentinel/deploying-and-managing-azure-sentinel-as-code/ba-p/1131928 | Blog | A
Combining Lighthouse with Sentinel DevOps | https://techcommunity.microsoft.com/t5/azure-sentinel/combining-azure-lighthouse-with-sentinel-s-devops-capabilities/ba-p/1210966 | Blog | A



 


Onboarding Data


 


Identifying Critical Data


The data that is critical to identifying malicious activity varies from organization to organization. It will likely include many of the following categories:

Category | Examples
Host/Endpoint Logs | Log Analytics Agent, Syslog, Auditd, Windows Event Collection
Authentication Logs | Azure Active Directory, AWS CloudTrail
Cloud Infrastructure | Azure Activity, AWS CloudTrail, Azure Storage
Cloud Application Logs | Office 365
Network Infrastructure and Device Logs | Syslog, Azure Network Analytics, OMS Wire Data



 


Identifying what data is already Onboarded


How do you know what data you already have available in Azure Log Analytics? You can use the Workspace Usage workbook for an overview of data usage in your workspace. Alternatively, use the Log Analytics query tool to browse your data tables and their schema. A KQL query that summarizes ingested volume by table is useful to get a view of how much data you have of each type.

More details about querying data in Azure Sentinel can be found in this article:

https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview


 


Costs of Data in Azure Sentinel


 
























Resource | Link | Type | Advanced
Which data sources are free to ingest | https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/ | Azure Document |
Calculate data storage costs | https://azure.microsoft.com/en-us/pricing/calculator/?service=azure-sentinel | Azure Document |
Custom retention periods per data type | https://techcommunity.microsoft.com/t5/azure-sentinel/new-per-data-type-retention-is-now-available-for-azure-sentinel/ba-p/917316 | Blog | A



 


Onboarding new data


These articles cover the general operation and setup of data connectors and ingestion of data into Azure Sentinel.


 






























Resource | Link | Type | Advanced
Quick Start | https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard | Azure Document |
Getting data into Azure Sentinel | https://www.youtube.com/watch?v=4HuxC-eCegs | Video/Webinar |
Built-in Connectors | https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources | Azure Document |
Custom Connectors | https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-creating-custom-connectors/ba-p/864060 | Blog |



 


Common Data Sources


Azure Sentinel documentation has many articles covering ingesting data from hosts, Microsoft Security Services and Cloud Services and other common sources. The following table highlights some of these.


 








































































Resource | Link | Type | Advanced
Windows Security Events | https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-security-events | Azure Document |
AWS | https://docs.microsoft.com/en-us/azure/sentinel/connect-aws | Azure Document |
Azure Active Directory | https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-active-directory | Azure Document |
Office 365 | https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365 | Azure Document |
Microsoft Teams | https://techcommunity.microsoft.com/t5/azure-sentinel/protecting-your-teams-with-azure-sentinel/ba-p/1265761 | Blog |
Azure Security Center alerts | https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-security-center | Azure Document |
Microsoft Defender alerts | https://docs.microsoft.com/en-us/azure/sentinel/connect-microsoft-defender-advanced-threat-protection | Azure Document |
Cloud App Security (MCAS) | https://docs.microsoft.com/en-us/azure/sentinel/connect-cloud-app-security | Azure Document |
Azure Activity | https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-activity | Azure Document |
Syslog | https://docs.microsoft.com/en-us/azure/sentinel/connect-syslog | Azure Document |
CEF (Common Event Format) | https://docs.microsoft.com/en-us/azure/sentinel/connect-common-event-format | Azure Document |



 


In the same documentation section as the references above, you can also find instructions for other data sources such as Azure ATP, Windows Firewall, Azure Information Protection, Barracuda, Citrix, F5, Forcepoint, Squadra, Symantec and others.


 


Other Data Sources


Other references on importing log data into Azure Sentinel.


 






























Resource | Link | Type | Advanced
Linux Auditd ingestion and monitoring | https://techcommunity.microsoft.com/t5/azure-sentinel/ingesting-auditd-configured-for-pam-tty-session-key-logging-into/ba-p/1113827 | Blog |
Best practices for bringing in Common Event Format (CEF) data | https://techcommunity.microsoft.com/t5/azure-sentinel/best-practices-for-common-event-format-cef-collection-in-azure/ba-p/969990 | Blog |
Understanding the Log Analytics Agent | https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent | Azure Document |
Bringing in Proofpoint TAP logs to Azure Sentinel | https://techcommunity.microsoft.com/t5/azure-sentinel/sending-proofpoint-tap-logs-to-azure-sentinel/ba-p/767727 | Blog | A
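The Custom Connectors article in the previous table and the Proofpoint TAP article above both come down to the same step: pulling records from a vendor REST API and posting them as JSON to the Log Analytics HTTP Data Collector API, which stores them in a custom table named after the Log-Type header with a _CL suffix. The following Python is an added example, not code from this page or from any of the linked articles. It shows the part people most often get wrong, the request signature: an HMAC-SHA256 over a canonical string (method, content length, content type, x-ms-date header, resource path) keyed with the base64-decoded workspace shared key. The workspace ID, shared key, the two alert records and the ProofpointTAP log type are constructed placeholders, not real values.

```python
import base64
import datetime
import hashlib
import hmac
import json
import urllib.request

# Constructed placeholders: substitute your own workspace ID and primary key
# (workspace > Agents management). The key below is not a real key.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"hypothetical-workspace-primary-key-0123456789").decode()
LOG_TYPE = "ProofpointTAP"          # records land in the custom table ProofpointTAP_CL
RESOURCE = "/api/logs"
CONTENT_TYPE = "application/json"
API_VERSION = "2016-04-01"

# Constructed sample alerts shaped like a vendor REST API response. Not real data.
SAMPLE_ALERTS = [
    {"eventTime": "2020-04-01T11:58:03Z", "sender": "attacker@example.net",
     "recipient": "alice@example.com", "classification": "phish",
     "threatUrl": "http://198.51.100.7/login"},
    {"eventTime": "2020-04-01T11:59:41Z", "sender": "billing@example.org",
     "recipient": "bob@example.com", "classification": "malware",
     "threatUrl": "http://203.0.113.9/inv.zip"},
]
EXAMPLE_TIME = datetime.datetime(2020, 4, 1, 12, 0, 0, tzinfo=datetime.timezone.utc)


def string_to_sign(content_length, rfc1123_date):
    """Canonical request the API signs: method, body length, content type, date header, resource."""
    return f"POST\n{content_length}\n{CONTENT_TYPE}\nx-ms-date:{rfc1123_date}\n{RESOURCE}"


def build_authorization(workspace_id, shared_key, content_length, rfc1123_date):
    """Authorization header value: SharedKey <workspaceId>:<base64(HMAC-SHA256(key, canonical))>."""
    key = base64.b64decode(shared_key)
    msg = string_to_sign(content_length, rfc1123_date).encode("utf-8")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def build_request(events, log_type=LOG_TYPE, workspace_id=WORKSPACE_ID,
                  shared_key=SHARED_KEY, now=None):
    """Assemble URL, headers and body for one POST; `now` is injectable so the output is reproducible."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    rfc1123_date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    body = json.dumps(events, separators=(",", ":")).encode("utf-8")
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Authorization": build_authorization(workspace_id, shared_key, len(body), rfc1123_date),
        "Log-Type": log_type,
        "x-ms-date": rfc1123_date,
        "time-generated-field": "eventTime",  # use the alert's own timestamp as TimeGenerated
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com{RESOURCE}?api-version={API_VERSION}"
    return {"url": url, "headers": headers, "body": body}


def verify_authorization(request, shared_key=SHARED_KEY):
    """Recompute the signature from the request exactly as it would be sent (offline self-check)."""
    workspace_id = request["url"].split("//")[1].split(".")[0]
    expected = build_authorization(workspace_id, shared_key, len(request["body"]),
                                   request["headers"]["x-ms-date"])
    return hmac.compare_digest(expected, request["headers"]["Authorization"])


def send(request, timeout=30):
    """POST the batch; HTTP 200 means it was accepted and will appear in the _CL table shortly."""
    req = urllib.request.Request(request["url"], data=request["body"],
                                 headers=request["headers"], method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    built = build_request(SAMPLE_ALERTS, now=EXAMPLE_TIME)
    print(built["headers"]["Authorization"])
    # send(built)  # uncomment once WORKSPACE_ID and SHARED_KEY are real
```

Two practical points the signature scheme enforces: the content length is part of the signed string, so the body must be serialized once and the same bytes sent, and the x-ms-date value in the header must be the same string that was signed. Batches over the API's size limit should be split into several signed requests, each with its own date and signature.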



 


Threat Intelligence Data


Threat intelligence data can enhance your ability to detect malicious actions in detections, investigations and hunting.


 


















Resource | Link | Type | Advanced
Bring your own Threat Intel | https://techcommunity.microsoft.com/t5/azure-sentinel/bring-your-threat-intelligence-to-azure-sentinel/ba-p/1167546 | Blog |
Deep dive in Threat Intelligence | https://youtu.be/zfoVe4iarto | Video/Webinar |



 


 


Monitoring Activity


 


Basic information about your workspace is available in the Overview panel. The Incidents pane is also a key view where you can see current unresolved incidents from alerts (see Detections section later in the document).


 


Workbooks


Workbooks are one of the most useful tools in monitoring ongoing operations. Workbooks are a type of interactive and customizable dashboard view that gather multiple views and visualizations of data into a single pane.


They can include queried data from any Azure Sentinel table, although they are often designed to show multiple facets of one specific data set. You can choose from a variety of workbooks available within Azure Sentinel and a larger selection in the Azure Sentinel GitHub repo.


 


















Resource | Link | Type | Advanced
Workbooks | https://docs.microsoft.com/en-us/azure/sentinel/tutorial-monitor-your-data | Azure Document |
GitHub available Workbooks | https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks | GitHub Location |



 


 


Detections


 


Azure Sentinel has many built-in detections. You can supplement these with alerts from your other detection services such as Azure Security Center, Office365 ATP, WDATP and Azure ATP. You can also create your own detection rules or import them from other sources.


 


Enabling Azure Sentinel Detections


These references describe the Azure Sentinel built-in detection rules and some other common detection sources. For building your own custom detection rules, see also the articles in the Log Queries and the Kusto Query Language section later in the document.


 






















































Resource | Link | Type | Advanced
Built-in Detections | https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-built-in | Azure Document |
Custom Analytics | https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom | Azure Document |
Create Incidents from Alerts | https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts | Azure Document |
URL Detonation | https://techcommunity.microsoft.com/t5/azure-sentinel/using-the-new-built-in-url-detonation-in-azure-sentinel/ba-p/996229 | Blog |
Azure Security Center | https://techcommunity.microsoft.com/t5/azure-sentinel/integrating-azure-security-center-with-azure-sentinel/ba-p/482847 | Blog |
Office 365 Alerts | https://techcommunity.microsoft.com/t5/azure-sentinel/ingesting-office-365-alerts-with-graph-security-api/ba-p/984888 | Blog |
Multistage attack detection | https://docs.microsoft.com/en-us/azure/sentinel/fusion | Azure Document |
Detection details and public repository | https://github.com/Azure/Azure-Sentinel/tree/master/Detections | GitHub Location |



 


External Detection Rule Sources and Providers


You can also import detection logic from other sources; Sigma rules are a particularly useful source of detection logic. The Proofpoint TAP article listed under Other Data Sources shows a general mechanism for importing alerts from a REST API, which can be used to bring alerts from many providers into Azure Sentinel. Many of the data providers listed


 
























Resource | Link | Type | Advanced
Importing Sigma Rules to Azure Sentinel | https://techcommunity.microsoft.com/t5/azure-sentinel/importing-sigma-rules-to-azure-sentinel/ba-p/657097 | Blog |
Sigma and SOC Prime integration | https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-sigma-and-soc-prime-integration-part-1/ba-p/1232903 | Blog |
Ingesting AlienVault OTX into Azure Sentinel | https://techcommunity.microsoft.com/t5/azure-sentinel/ingesting-alien-vault-otx-threat-indicators-into-azure-sentinel/ba-p/1086566 | Blog | A
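Importing a Sigma rule into Sentinel means translating its log source and field names into a table and columns and its detection condition into a KQL where clause; the Sigma project's own converter does this with per-backend mapping files. The following Python is an added example written for this page, not code from the articles above or from the Sigma project, that performs that translation for a small but realistic subset: maps and lists of maps as selections, the contains/startswith/endswith modifiers, and boolean conditions over named selections. The rule (a PowerShell download cradle with a made-up exclusion for ccmexec.exe) is constructed; the mapping of Windows process_creation to SecurityEvent EventID 4688 and of Image/CommandLine/ParentImage to NewProcessName/CommandLine/ParentProcessName is an assumption you should adjust if you collect process creation via Sysmon instead.

```python
import re

# Constructed Sigma-style rule, already loaded from YAML into a dict (use pyyaml for
# real rule files). The ccmexec.exe filter is a made-up exclusion for illustration.
SIGMA_RULE = {
    "title": "PowerShell download cradle",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["DownloadString", "DownloadFile", "Invoke-WebRequest"],
        },
        "filter": {"ParentImage|endswith": "\\ccmexec.exe"},
        "condition": "selection and not filter",
    },
    "level": "high",
}

# Assumed mappings from Sigma log sources and fields to Sentinel tables and columns.
LOGSOURCE_MAP = {
    ("windows", "process_creation"): ("SecurityEvent", "EventID == 4688"),
}
FIELD_MAP = {
    "Image": "NewProcessName",
    "CommandLine": "CommandLine",
    "ParentImage": "ParentProcessName",
    "User": "SubjectUserName",
}
# KQL string operators are case-insensitive, which matches Sigma's default semantics.
MODIFIER_OPS = {"": "=~", "contains": "contains", "startswith": "startswith", "endswith": "endswith"}
PROJECT = "TimeGenerated, Computer, SubjectUserName, NewProcessName, CommandLine, ParentProcessName"


def kql_literal(value):
    """Quote a value as a KQL string literal; backslash and quote are escape characters in KQL."""
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return str(value)
    return "'" + str(value).replace("\\", "\\\\").replace("'", "\\'") + "'"


def field_clause(key, value):
    """'Field|modifier': value or [values]  ->  Column op 'v1' or Column op 'v2' ..."""
    field, _, modifier = key.partition("|")
    if modifier not in MODIFIER_OPS:
        raise ValueError(f"unsupported modifier: {modifier}")
    column = FIELD_MAP.get(field, field)
    values = value if isinstance(value, list) else [value]
    parts = [f"{column} {MODIFIER_OPS[modifier]} {kql_literal(v)}" for v in values]
    return parts[0] if len(parts) == 1 else "(" + " or ".join(parts) + ")"


def selection_clause(selection):
    """A map is the AND of its fields; a list of maps is the OR of the maps."""
    if isinstance(selection, dict):
        return "(" + " and ".join(field_clause(k, v) for k, v in selection.items()) + ")"
    if isinstance(selection, list):
        return "(" + " or ".join(selection_clause(s) for s in selection) + ")"
    raise ValueError("selection must be a map or a list of maps")


def condition_to_kql(condition, detection):
    """Token-level translation of a boolean condition over named selections."""
    out = []
    for token in re.findall(r"\(|\)|\w+", condition):
        if token in ("and", "or", "not", "(", ")"):
            out.append(token)
        elif token in detection and token != "condition":
            out.append(selection_clause(detection[token]))
        else:  # '1 of selection*', 'all of them' and aggregations are not handled here
            raise ValueError(f"unsupported condition token: {token}")
    return " ".join(out)


def sigma_to_kql(rule):
    """Render a rule as a KQL query suitable for a scheduled analytics rule."""
    src = rule["logsource"]
    try:
        table, base_filter = LOGSOURCE_MAP[(src.get("product"), src.get("category"))]
    except KeyError:
        raise ValueError(f"no table mapping for logsource {src}")
    detection = rule["detection"]
    where = condition_to_kql(detection["condition"], detection)
    return "\n".join([table, f"| where {base_filter}", f"| where {where}", f"| project {PROJECT}"])


if __name__ == "__main__":
    print(sigma_to_kql(SIGMA_RULE))
```

The converter refuses anything it does not understand rather than emitting a query that silently matches less than the rule intended; that is the behaviour you want when rules are imported in bulk, since a detection that compiles but never fires is worse than one that fails loudly at import time.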



 


 


Investigations


 


Overview


 












Resource | Link | Type | Advanced
End-to-End SOC scenario | https://www.youtube.com/watch?v=HloK6Ay4h1M&feature=youtu.be | Video/Webinar |



 


 


Investigation Graph


The investigation graph is the hub around which many investigation tasks pivot. It gives you an interactive graphical view of connected alerts and entities related to a single investigation. You can explore the context of each item in the investigation panel, add related entities and view the timeline of the attack.


 












Resource | Link | Type | Advanced
Investigation Graph | https://docs.microsoft.com/en-us/azure/sentinel/tutorial-investigate-cases | Azure Document |



 


Log Queries and the Kusto Query Language


The core of Azure Sentinel is the query engine. Detections, workbooks, hunting and investigation tools are all powered by the Log Analytics query engine. You will need some understanding of the Kusto Query Language (KQL) in order to run ad hoc queries or create new detection rules.


 






















































Resource | Link | Type | Advanced
Introduction to Log Query | https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview | Azure Document |
Azure Sentinel Correlation – Join operator | https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-correlation-rules-the-join-kql-operator/ba-p/1041500 | Blog |
Azure Sentinel Correlation – make_list/in | https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-correlation-rules-active-lists-out-make-list-in/ba-p/1029225 | Blog |
Deep dive on correlation rules | https://youtu.be/pJjljBT4ipQ | Video/Webinar |
KQL Functions | https://techcommunity.microsoft.com/t5/azure-sentinel/using-kql-functions-to-speed-up-analysis-in-azure-sentinel/ba-p/712381 | Blog | A
KQL Reference | https://docs.microsoft.com/en-us/azure/kusto/query/ | Azure Document |
Introduction to KQL (Pluralsight) | https://app.pluralsight.com/library/courses/kusto-query-language-kql-from-scratch/table-of-contents | Video/Webinar |
Including external data in your queries | https://techcommunity.microsoft.com/t5/azure-sentinel/implementing-lookups-in-azure-sentinel-part-1-reference-files/ba-p/1091306 | Blog | A



 


Workbooks


Using workbooks to show multiple views of related data can help you understand the context of the different elements involved in a potential attack. If an attack is confirmed, they can also help you trace the connections between those elements and assess the blast radius.


 


















Resource | Link | Type | Advanced
Workbooks | https://docs.microsoft.com/en-us/azure/sentinel/tutorial-monitor-your-data | Azure Document |
GitHub available Workbooks | https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks | GitHub Location |



 


Hunting


 


Threat hunting can identify previously undetected malicious activity in your environment, as well as activity that is merely suspicious. You can use your hunting findings to create detection rules that will alert on these patterns in the future.


 


Threat Hunting and Investigation Techniques


 




























































Resource | Link | Type | Advanced
General Threat Hunting | https://techcommunity.microsoft.com/t5/azure-sentinel/identifying-threat-hunting-opportunities-in-your-data/ba-p/915721 | Blog |
Using Bookmarks in hunting | https://docs.microsoft.com/en-us/azure/sentinel/bookmarks | Azure Document |
Using Livestream in hunting | https://docs.microsoft.com/en-us/azure/sentinel/livestream | Azure Document |
Tracking High Value Accounts | https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-performing-additional-security-monitoring-of-high/ba-p/430740 | Blog |
Using time series analysis to detect anomalous patterns | https://techcommunity.microsoft.com/t5/azure-sentinel/time-series-visualization-of-palo-alto-logs-to-detect-data/ba-p/666344 ; https://techcommunity.microsoft.com/t5/azure-sentinel/looking-for-unknown-anomalies-what-is-normal-time-series/ba-p/555052 | Blog | A
Identifying Network Beaconing | https://techcommunity.microsoft.com/t5/azure-sentinel/detect-network-beaconing-via-intra-request-time-delta-patterns/ba-p/779586 | Blog | A
Office 365 specific threat hunting | https://techcommunity.microsoft.com/t5/azure-sentinel/office-365-email-activity-and-data-exfiltration-detection/ba-p/1169652 | Blog | A
Taking a known breach and looking at your environment – Capital One breach | Part 1: https://techcommunity.microsoft.com/t5/azure-sentinel/hunting-for-capital-one-breach-ttps-in-aws-logs-using-azure/ba-p/1014258 ; Part 2: https://techcommunity.microsoft.com/t5/azure-sentinel/hunting-for-capital-one-breach-ttps-in-aws-logs-using-azure/ba-p/1019767 | Blog | A
GitHub available Hunting queries | https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries | GitHub Location |
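The beaconing article in the table above hunts for command-and-control callbacks by looking at the time deltas between consecutive requests from one source to one destination: malware checking in on a timer produces deltas with very little spread, while a person browsing produces deltas that are all over the place. The following Python is an added example written for this page, not code from that article (which does the same analysis in KQL), that runs the technique over a constructed connection log. The three source hosts, their destinations and the interval lists are made up; the thresholds (coefficient of variation below 0.15, or at least 80 percent of deltas within 10 percent of the median) are starting values you would tune against your own traffic.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta, timezone

MIN_CONNECTIONS = 10      # with fewer deltas than this, periodicity cannot be judged
MAX_CV = 0.15             # stdev/mean of the inter-request deltas; a metronome scores near 0
JITTER_TOLERANCE = 0.10   # +/- fraction of the median delta that still counts as "on schedule"
MIN_ON_SCHEDULE = 0.80    # share of deltas inside the tolerance band needed to call it a beacon


def constructed_log():
    """Constructed connection log as (timestamp, source IP, destination IP, destination port).
    10.0.0.5 calls out every ~60 s with a few seconds of jitter (a beacon), 10.0.0.7 browses
    at irregular intervals, and 10.0.0.9 makes too few connections to assess."""
    start = datetime(2020, 4, 1, 9, 0, tzinfo=timezone.utc)
    beacon_deltas = [60, 61, 59, 60, 62, 58, 60, 60, 61, 59, 60, 60, 63, 57, 60]
    browsing_deltas = [3, 420, 7, 1, 95, 1800, 12, 4, 660, 2, 33, 900, 5, 240, 60]
    events = []
    for src, dst, deltas in [("10.0.0.5", "203.0.113.10", beacon_deltas),
                             ("10.0.0.7", "198.51.100.20", browsing_deltas),
                             ("10.0.0.9", "192.0.2.8", [15, 4000])]:
        t = start
        events.append((t, src, dst, 443))
        for d in deltas:
            t += timedelta(seconds=d)
            events.append((t, src, dst, 443))
    return sorted(events)


def find_beacons(events):
    """Group by (src, dst, port), compute inter-request deltas and score how regular they are."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in events:
        by_pair[(src, dst, dport)].append(ts)
    results = {}
    for pair, times in by_pair.items():
        times.sort()
        deltas = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(deltas) < MIN_CONNECTIONS:
            continue
        mean = statistics.mean(deltas)
        median = statistics.median(deltas)
        cv = statistics.pstdev(deltas) / mean if mean > 0 else float("inf")
        band = JITTER_TOLERANCE * median
        on_schedule = sum(1 for d in deltas if abs(d - median) <= band) / len(deltas)
        results[pair] = {
            "count": len(times),
            "median_delta": median,
            "cv": round(cv, 3),
            "on_schedule": round(on_schedule, 2),
            "beacon": cv <= MAX_CV or on_schedule >= MIN_ON_SCHEDULE,
        }
    return results


if __name__ == "__main__":
    for pair, r in find_beacons(constructed_log()).items():
        verdict = "BEACON" if r["beacon"] else "ok"
        print(f"{pair[0]} -> {pair[1]}:{pair[2]} n={r['count']} median={r['median_delta']:.0f}s "
              f"cv={r['cv']} on_schedule={r['on_schedule']} {verdict}")
```

Two caveats when you run this on real data: legitimate software (update checks, monitoring agents, mail clients polling) also beacons, so the score is a hunting lead to join against destination reputation and process context rather than an alert on its own, and implants that randomize their sleep interval widely will defeat the coefficient-of-variation test, which is why the on-schedule fraction around the median is computed as a second, more jitter-tolerant signal.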



 



 


Workbooks


Workbooks can help you identify trends and blast radius, and highlight areas for further investigation.


 
























Resource | Link | Type | Advanced
Mapping your users' travel | https://techcommunity.microsoft.com/t5/azure-sentinel/how-to-use-azure-sentinel-to-follow-a-users-travel-and-map-their/ba-p/981716 | Blog |
Map security events across the globe | https://techcommunity.microsoft.com/t5/azure-sentinel/how-to-use-azure-monitor-workbooks-to-map-sentinel-data/ba-p/971818 | Blog |
GitHub available Workbooks | https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks | GitHub Location |



 


Jupyter Notebooks


Jupyter notebooks for advanced investigations allow for extensive customization, bringing in multiple disparate tools and methods from across the cyber security landscape.


 
















































Resource | Link | Type | Advanced
Getting started with Jupyter Notebooks | https://docs.microsoft.com/en-us/azure/sentinel/notebooks | Azure Document |
Using Jupyter notebooks in an investigation | https://techcommunity.microsoft.com/t5/azure-sentinel/what-am-i-looking-at-using-notebooks-to-gain-situational/ba-p/891818 | Blog | A
3 part series on Security Investigations using Jupyter Notebooks | Part 1: https://techcommunity.microsoft.com/t5/azure-sentinel/security-investigation-with-azure-sentinel-and-jupyter-notebooks/ba-p/432921 ; Part 2: https://techcommunity.microsoft.com/t5/azure-sentinel/security-investigation-with-azure-sentinel-and-jupyter-notebooks/ba-p/483466 ; Part 3: https://techcommunity.microsoft.com/t5/azure-sentinel/security-investigation-with-azure-sentinel-and-jupyter-notebooks/ba-p/561413 | Blog | A
Linux Host Explorer | https://techcommunity.microsoft.com/t5/azure-sentinel/explorer-notebook-series-the-linux-host-explorer/ba-p/1138273 | Blog | A
Using Threat Intel in your Jupyter Notebook | https://techcommunity.microsoft.com/t5/azure-sentinel/using-threat-intelligence-in-your-jupyter-notebooks/ba-p/860239 | Blog | A
Jupyter Notebook repository | https://github.com/Azure/Azure-Sentinel-Notebooks | GitHub Location | A
MSTICPY – InfoSec defenders' Python library for Jupyter Notebooks | https://github.com/Microsoft/msticpy | GitHub Location | A



 


Remediation and Automation


 


Respond to threats automatically using playbooks, which allow for rapid response and blocking of attacks. Playbooks are implemented using Azure Logic Apps. Using them you can create complex workflows involving notifications, approval requests, and reading from and updating data sources, using a variety of services such as Teams, Office 365, ServiceNow and others.


 
























Resource | Link | Type | Advanced
How to run a playbook in Azure Sentinel | https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook | Azure Document |
Playbooks available on GitHub | https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks | GitHub Location |
Azure Logic Apps overview | https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview | Azure Document |



 


Community Articles and Resources


 


The following table lists articles from the Azure Sentinel Community Wiki. New content is added frequently, so be sure to check this location directly:


https://github.com/Azure/Azure-Sentinel/wiki/Community-Publications


 




























































































































































Title | Author | Type
Making your Azure Sentinel Workbooks multi-tenant (or multi-workspace) | Javier Soriano | blog
Security Monitoring and Detection Tips for your Storage Account – Part 1, Part 2, Part 3, Part 4 | Thuan Nguyen | blog
The curious case of SaaS 3rd party into Azure Sentinel | Nathan Swift | blog
KQL Cheat Sheet | Marcus Bakker | CheatSheet
Azure Sentinel: advanced multistage attack detection — real machine learning for the real world | Maarten Goet | blog
Azure Sentinel Design | Adrian Grigorof | Infographics
Azure Sentinel: designing access and authorizations that meet the enterprise needs | Maarten Goet | blog
Azure Sentinel: automating your Use Cases with PowerShell and the #AzSentinel module | Maarten Goet | blog
Derbycon2019 – Azure Sentinel: A first look at Microsoft's SIEM Solution | Carl Hertz | Video
ATT&CKing the Sentinel | Edoardo Gerosa & Olaf Hartong | Slides
Getting started using Microsoft Azure Sentinel Cloud Native SIEM | Chiheb Chebbi | blog
How to onboard Raspberry Pi on Azure Sentinel | Antonio Formato | blog
Azure Sentinel: helping your SOC with investigation and hunting | Maarten Goet | blog
Protect yourself against CVE-2019-0708 aka #BlueKeep using Azure Sentinel and Microsoft Defender ATP | Maarten Goet | blog
Using Sysmon in Azure Sentinel | Olaf Hartong | blog
Azure Sentinel — Investigation Preview | Mag1cM0n | blog
The Journey to Azure Sentinel (Deploy Azure Sentinel) | Eli Shlomo | blog
Azure Sentinel — Microsoft Defender ATP: Automatic Advanced Hunting | Antonio Formato | blog
Azure Sentinel SIEM Architecture | Adrian Grigorof | Infographics
Connect Azure Sentinel to a ticketing system using the Microsoft Graph Security API | Azure Vlog (YouTube) | Video
Azure Sentinel — MineMeld. Bring Your Own Threat Intelligence feeds | Antonio Formato | blog
Supercharge your PowerShell defenses with Azure Sentinel, MITRE ATT&CK and Sigma | Maarten Goet | blog
Protecting against malicious payloads over DNS using Azure Sentinel | Maarten Goet | blog
Syslog to Azure Sentinel | Irek Romaniuk | blog
Visualize your Azure Sentinel data with Grafana | Maarten Goet | blog
Azure Sentinel: design considerations | Maarten Goet | blog
Azure Sentinel FUSION: machine learning for a SecOps world | Maarten Goet | blog
Microsoft Azure Sentinel: not your daddy's Splunk | Maarten Goet | blog
Series of experiments with Azure Sentinel Public Preview (Parts 1 to 9) | Adrian Grigorof | blog



 


Other Resources


 


General


 






















Resource | Link
Azure Sentinel Documentation | https://docs.microsoft.com/en-us/azure/sentinel/
Azure Sentinel Technical Community Blog | https://techcommunity.microsoft.com/t5/forums/postpage/board-id/AzureSentinelBlog
Azure Sentinel Community Publications | https://github.com/Azure/Azure-Sentinel/wiki/Community-Publications
Security Community Webinars | https://techcommunity.microsoft.com/t5/security-privacy-compliance/security-community-webinars/m-p/927888



 


Customer Stories


 


















Customer | Link
SWC Technology Partners | https://customers.microsoft.com/en-us/story/741469-swctechnologypartners-partnerprofessionalservices-unitedstates
ASOS | https://customers.microsoft.com/en-us/story/751656-asos-retailer-azure-sentinel
Avanade | https://customers.microsoft.com/en-us/story/751679-avanade-professional-services-azure-sentinel



 


Conclusion


 


We hope that you have found this article a useful guide to documentation and resources for Azure Sentinel. This article is not intended to replace central documentation resources such as Azure Docs. We will try to update it with new and changed resources until something more permanent is in place. We welcome any feedback on additional content to include.


 

