Microsoft Sentinel – SOAR through the SIEM, begin with the basics

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

Sentinel Basics

You want to get started with Microsoft Sentinel but it looks overwhelming to you.

Here are some simple guidelines to follow for a very basic outline for you to get started with Microsoft Sentinel:


  1. Sentinel setup and prereqs ---Start here Player One
  2. Sentinel Permissions---------- What is your character/avatar and role
  3. Power UP/use AI+ML----------Enable User and Entity Behavior Analytics (UEBA)
  4. Where Data ------------------- What is your playing field (log analytics workspace)
  5. Keep Data --------------------- How long do you want to keep data
  6. How Data ----------------------What data do you want and how will you connect to data that you want to ingest (Connectors/Custom data connectors); including free
  7. Detect Threats in Data --------Automatically detect threats with Analytic RULES
  8. See/Visualize Data ------------Visualize data with workbooks
  9. Alert on Data-------------------Visualize incidents
  10. Prevent/Threat Hunt in Data---Be Proactive
  11. Automate Responses ----------SOAR to the highest with automation
  12.  Deploy Solutions --------------like M2131, ZeroTrust, CMMC2.0, NIST 800-53

For more in-depth information, please check out the Sentinel Deployment planning guide.


For a visual representation of Data flow from data sources and into Sentinel:



Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.