Azure Sentinel Blog - Table of Contents


As the number of Azure Sentinel blog posts grows, this Table of Contents will help you navigate the variety of topical areas. This includes articles on log management, data ingestion, hunting, investigations, detections, features and all things in between. The goal is to provide you with a central location to find information related to Azure Sentinel.

What’s New

Learn about new and upcoming features as well as general announcements about Azure Sentinel.

Log Management

Learn how to manage the data you have collected in Azure Sentinel.

Connectors

Learn how to implement data collection in Azure Sentinel to make your data readily available for Detections, Hunting and Investigations.

Detection

Detection-related blogs provide an example of how to use and understand the associated query that is available in the Detections category of the Azure Sentinel GitHub repository.

Hunting

Hunting-related blogs provide an example of how to use and understand the associated query that is available in the Hunting category of the Azure Sentinel GitHub repository.

Investigation

Investigation-related blogs provide an example of how to use Azure Sentinel to investigate a potential breach. This may include user experience features related to investigations and references to the variety of queries available in the Azure Sentinel GitHub repository.

Machine Learning

Machine Learning-related blogs provide an example of how Azure Sentinel can use the built-in machine learning algorithms available as part of the query language, and how to use or implement custom machine learning algorithms.

Query Language Tips

Log Analytics/KQL tips on using the language: functions, parsing, joins, unions and so on.

Request?

Make requests for new or updated queries that go directly into the query backlog of the development team that brought you Azure Sentinel.
