FastTrack for Azure
Microsoft Sentinel - SOAR through the SIEM, begin with the basics

LMHutch
Dec 14, 2023

Sentinel Basics

You want to get started with Microsoft Sentinel, but it looks overwhelming.

Here is a simple, very basic outline to follow to get started with Microsoft Sentinel:

  1. Sentinel setup and prerequisites: start here, Player One.
  2. Sentinel permissions: what is your character/avatar and role?
  3. Power up with AI and ML: enable User and Entity Behavior Analytics (UEBA).
  4. Where data lives: what is your playing field (the Log Analytics workspace)?
  5. Keep data: how long do you want to retain data?
  6. How data arrives: what data do you want, and how will you connect to the data you want to ingest (connectors and custom data connectors), including the free ones?
  7. Detect threats in data: automatically detect threats with analytics rules.
  8. See/visualize data: visualize data with workbooks.
  9. Alert on data: visualize incidents.
  10. Prevent/threat hunt in data: be proactive.
  11. Automate responses: SOAR to the highest with automation.
  12. Deploy solutions: such as M2131, Zero Trust, CMMC 2.0, NIST 800-53.

For more in-depth information, please check out the Microsoft Sentinel deployment planning guide.

For a visual representation of data flow from data sources into Sentinel, see the diagram in the original post.

Updated Dec 12, 2023
Version 1.0