Updated: December 9, 2023

  Roadmap

Sentinel


Microsoft Sentinel is Microsoft’s hosted security information and event management (SIEM) service, designed to help customers centralize security logs and event data to assist in incident hunting and remediation. The service is based on Azure Monitor and Log Analytics but offers additional analysis, annotation, and dashboard capabilities.

Service Overview

Like other SIEM systems, Microsoft Sentinel offers a centralized repository of security information, along with log management, processing, and alerting. Unlike generic monitoring services, such as Azure Monitor, Sentinel provides tools to help security professionals parse and process security events and incidents quickly and repeatably. Sentinel capabilities include the following:

  • Collaborative tools to help security professionals analyze events and information over time
  • Sentinel-specific log correlations that analyze ingested data to find commonalities and correlations and to reduce false-positive findings
  • Data retention for offline
