Microsoft Sentinel documentation

Microsoft Sentinel provides attack detection, threat visibility, proactive hunting, and threat response to help you stop threats before they cause harm.

About Microsoft Sentinel

Overview

• What is Microsoft Sentinel?
• Best practices

What's new

• What's new in Microsoft Sentinel?

Get started

Quickstart

• Onboard Microsoft Sentinel

Deploy

• Deployment guide
• Prerequisites
• Plan costs
• Find solutions

How-To Guide

• Install solutions and content

Microsoft's unified security operations platform

Overview

• What is Microsoft's unified SecOps platform?
• Microsoft Defender portal overview
• Microsoft Sentinel in the Microsoft Defender portal

Deploy

• Plan your unified SecOps deployment
• Deploy Microsoft's unified SecOps platform

How-To Guide

• Connect Microsoft Sentinel to the Microsoft Defender portal

Collect data

Concept

• Microsoft Sentinel data connectors
• Data collection best practices
• Normalizing and parsing data

Tutorial

• Forward Syslog data to Log Analytics workspace

How-To Guide

• Create a custom connector
• Monitor connector health

Reference

• Find data connectors

Detect threats

Concept

• Understand threat intelligence
• MITRE ATT&CK® framework
• User and entity behavior analytics (UEBA)
• Customizable anomalies

Tutorial

• Detect threats by using analytics rules

How-To Guide

• Detect threats by using built-in analytics
• Create custom detection rules

Investigate and respond

Concept

• Incident investigation and case management
• Threat hunting
• Kusto Query Language in Microsoft Sentinel
• Automation rules
• Playbooks

Tutorial

• Investigate with UEBA
• Respond automatically to threats

How-To Guide

• Investigate incidents
• Manage incident workflow with tasks
• Monitor your data
• Conduct end-to-end threat hunting