Functionality and Usage of Microsoft Sentinel

https://www.youtube.com/watch?v=xaqiPXL6tz0&list=PLlVtbbG169nED0_vMEniWBQjSoxTsBYS3&index=35

SIEM - Security Information and Event Management

  • Helps find various threats or exposures

SOAR - Security Orchestration, Automation, and Response

  • Automatically respond to events

Microsoft Sentinel covers both of the above (SIEM and SOAR)

  • Sits on top of a Log Analytics Workspace

    • It sits on top of the workspace because, typically, all of that log data is already flowing into it

  • Looks at all the logs and signals and adds intelligence on top to give you meaningful insight
