Forum Discussion
TKDJoe
Apr 10, 2020 (Copper Contributor)
Azure Sentinel Walk-through Lab Training
I've just begun learning Azure Sentinel, all the MS Docs, and 3rd-party training videos utilize pre-configured materials to *demonstrate* creating alerts which generate incidents, doing hunting scena...
- Apr 10, 2020
My general advice is to familiarize yourself with the interface first. Familiarize yourself with what connectors come built into Sentinel that you can take advantage of in the beginning. For everything else you're going to have to do it by hand.
For learning Kusto, there's a good course on Pluralsight. There's also the option of taking a pre-built analytics rule and trying to understand Kusto from that, but those rules are quite complex and it would not be easy. However, Kusto is as simple as it gets. You will find it really easy.
Do not delve into Notebooks just yet as those are quite complex.
Playbooks / Logic Apps are quite intensive to troubleshoot in my small experience, but can help you automate your stuff.
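As an added illustration of what the reply above is pointing at (this is not code from the thread or from any Sentinel built-in rule), here is a small analytics-rule style KQL query in the shape of the pre-built brute-force detections: a burst of failed sign-ins for one account from one IP, followed shortly by a success from the same pair. The `SampleSigninLogs` table, its rows, and the threshold values are constructed for the example; in a workspace you would read the real `SigninLogs` table instead.

```kusto
// Added example, not part of the original post: a minimal analytics-rule query
// that runs stand-alone on a constructed inline table.
let FailureThreshold = 5;   // assumed tuning value
let Window = 10m;           // assumed tuning value
// Constructed sample rows standing in for the Azure AD SigninLogs table.
// ResultType "0" is a successful sign-in; "50126" is an invalid password.
let SampleSigninLogs = datatable(TimeGenerated:datetime, UserPrincipalName:string, IPAddress:string, ResultType:string)
[
    datetime(2020-04-10 09:00:00), "alice@contoso.com", "203.0.113.10", "50126",
    datetime(2020-04-10 09:00:30), "alice@contoso.com", "203.0.113.10", "50126",
    datetime(2020-04-10 09:01:00), "alice@contoso.com", "203.0.113.10", "50126",
    datetime(2020-04-10 09:01:30), "alice@contoso.com", "203.0.113.10", "50126",
    datetime(2020-04-10 09:02:00), "alice@contoso.com", "203.0.113.10", "50126",
    datetime(2020-04-10 09:03:00), "alice@contoso.com", "203.0.113.10", "0",
    datetime(2020-04-10 09:05:00), "bob@contoso.com",   "198.51.100.7", "50126",
    datetime(2020-04-10 09:06:00), "bob@contoso.com",   "198.51.100.7", "0"
];
// Step 1: count failures per account and source IP inside each time bucket,
// keeping only pairs that reach the threshold.
let Failures = SampleSigninLogs
    | where ResultType != "0"
    | summarize FailureCount = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure  = max(TimeGenerated)
              by UserPrincipalName, IPAddress, Bucket = bin(TimeGenerated, Window)
    | where FailureCount >= FailureThreshold;
// Step 2: successful sign-ins, kept separately so they can be correlated.
let Successes = SampleSigninLogs
    | where ResultType == "0"
    | project UserPrincipalName, IPAddress, SuccessTime = TimeGenerated;
// Step 3: a success from the same account and IP within the window after the
// last failure. On the sample data only alice@contoso.com matches; bob has a
// single failure and is not reported.
Failures
| join kind=inner Successes on UserPrincipalName, IPAddress
| where SuccessTime between (LastFailure .. (LastFailure + Window))
| project UserPrincipalName, IPAddress, FailureCount, FirstFailure, LastFailure, SuccessTime
```

To turn this into a scheduled analytics rule, replace `SampleSigninLogs` with `SigninLogs`, drop the `datatable` block, and in the rule wizard set the lookback to at least `Window` and map `UserPrincipalName` to the Account entity and `IPAddress` to the IP entity so that the resulting incidents carry entities you can pivot on.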
GaryBushey
Apr 11, 2020 (Bronze Contributor)
TKDJoe I would also add that there are two books out now for Azure Sentinel:
Microsoft Azure Sentinel: Planning and implementing Microsoft's cloud-native SIEM solution (https://www.amazon.com/Microsoft-Azure-Sentinel-implementing-cloud-native-ebook/dp/B085B6C258/ref=sr_1_1?dchild=1&keywords=azure+sentinel&qid=1586646915&sr=8-1)
and
Learn Azure Sentinel (https://www.amazon.com/Learn-Azure-Sentinel-artificial-intelligence-ebook/dp/B0859C7L1G/ref=sr_1_2?dchild=1&keywords=azure+sentinel&qid=1586646947&sr=8-2)
Full Disclosure: I am a co-author on this one.