<LINGO-SUB id="lingo-sub-1273865" slang="en-US">Re: Azure Sentinel Resource Terminus - board here!</LINGO-SUB>
<LINGO-BODY id="lingo-body-1273865" slang="en-US"><P>Thanks for Sharing this Awesome Overview with the Community&nbsp;<IMG class="lia-deferred-image lia-image-emoji" src="https://gxcuf89792.i.lithium.com/html/images/emoticons/cool_40x40.gif" alt=":cool:" title=":cool:" /></P></LINGO-BODY>
<LINGO-SUB id="lingo-sub-1284942" slang="en-US">Re: Azure Sentinel Resource Terminus - board here!</LINGO-SUB>
<LINGO-BODY id="lingo-body-1284942" slang="en-US"><P>This is simply awesome. Thank you to everyone for sharing this link.</P></LINGO-BODY>
<LINGO-SUB id="lingo-sub-1269252" slang="en-US">Azure Sentinel Resource Terminus - board here!</LINGO-SUB>
<LINGO-BODY id="lingo-body-1269252" slang="en-US"><H2 id="toc-hId--1381307236">Introduction</H2>
<P>This article is a collection of resources for Azure Sentinel designed to get you up and running with the service as quickly as possible. It is organized by broad topic area to allow you to quickly navigate to your area of interest. Most topics are broken down into groups of related articles.</P>
<P style="line-height: 1.71429;"><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="AzureCircle.png" style="width: 193px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181357i92F27A2D30E85E55/image-size/small?v=1.0&amp;px=200" title="AzureCircle.png" alt="AzureCircle.png" /></SPAN></P>
<P>Most of the resources in this article are listed in tables with a short title and a link to the resource. The final two columns in the table show the type of resource and an indication of whether the topic is relatively advanced or specialized.</P>
<TABLE>
<TBODY>
<TR>
<TD width="84px" height="30px"><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_0-1585767814536.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181342i30F72FA1A6B9FF8B/image-size/small?v=1.0&amp;px=200" title="ianhelle_0-1585767814536.png" alt="ianhelle_0-1585767814536.png" /></SPAN></TD>
<TD width="138px" height="30px"><P>Blog</P></TD>
</TR>
<TR>
<TD width="84px" height="30px"><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_1-1585767814537.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181341iEDD900567C6B0E40/image-size/small?v=1.0&amp;px=200" title="ianhelle_1-1585767814537.png" alt="ianhelle_1-1585767814537.png" /></SPAN></TD>
<TD width="138px" height="30px"><P>Azure Document</P></TD>
</TR>
<TR>
<TD width="84px" height="30px"><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_2-1585767814538.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181343i5D66D92C64275414/image-size/small?v=1.0&amp;px=200" title="ianhelle_2-1585767814538.png" alt="ianhelle_2-1585767814538.png" /></SPAN></TD>
<TD width="138px" height="30px"><P>GitHub Location</P></TD>
</TR>
<TR>
<TD><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_3-1585767814538.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181344i2F4C7E60D0584FE8/image-size/small?v=1.0&amp;px=200" title="ianhelle_3-1585767814538.png" alt="ianhelle_3-1585767814538.png" /></SPAN></TD>
<TD><P>Video/Webinar</P></TD>
</TR>
</TBODY>
</TABLE>
<P>Advanced articles are indicated with a bold <STRONG><EM>A.</EM></STRONG></P>
<P><STRONG>Note: </STRONG>many of the video/webinar links have a companion deck. You can view the full list <A href="https://techcommunity.microsoft.com/t5/security-privacy-compliance/security-community-webinars/m-p/927888" target="_self">here</A>.</P>
<H2 id="toc-hId-1106205597">Contents</H2>
<UL>
<LI><SPAN><A href="#_Toc36633552" target="_blank" rel="noopener nofollow noreferrer">Overview</A></SPAN></LI>
<LI><SPAN><A href="#_Toc36633553" target="_blank" rel="noopener nofollow noreferrer">Creating Your Azure Sentinel Workspace</A></SPAN></LI>
<LI><SPAN><A href="#_Toc36633554" target="_blank" rel="noopener nofollow noreferrer">Onboarding Data</A></SPAN></LI>
<LI><SPAN><A href="#_Toc36633555" target="_blank" rel="noopener nofollow noreferrer">Monitoring Activity</A></SPAN></LI>
<LI><SPAN><A href="#_Toc36633556" target="_blank" rel="noopener nofollow noreferrer">Detections</A></SPAN></LI>
<LI><SPAN><A href="#_Toc36633557" target="_blank" rel="noopener nofollow noreferrer">Investigations</A></SPAN></LI>
<LI><SPAN><A href="#_Toc36633558" target="_blank" rel="noopener nofollow noreferrer">Hunting</A></SPAN></LI>
<LI><SPAN><A href="#_Toc36633559" target="_blank" rel="noopener nofollow noreferrer">Remediation and Automation</A></SPAN></LI>
<LI><SPAN><A href="#_Toc36633560" target="_blank" rel="noopener nofollow noreferrer">Community Articles and Resources</A></SPAN></LI>
<LI><SPAN><A href="#_Toc36633561" target="_blank" rel="noopener nofollow noreferrer">Other Resources</A></SPAN></LI>
</UL>
<H2 id="toc-hId--701248866"><A target="_blank" name="_Toc36633552"></A>Overview</H2>
<P>If you are new to Azure Sentinel or need a refresher on the core components, you should read this overview document.</P>
<P><SPAN><A href="https://docs.microsoft.com/en-us/azure/sentinel/overview" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/azure/sentinel/overview</A></SPAN></P>
<P>If you find terms in this document that you are not familiar with, you should refer back to the Azure Sentinel Overview to clarify them.</P>
<P>This webinar is also a useful, more technical overview of Azure Sentinel features:</P>
<P><A href="https://www.youtube.com/watch?v=7An7BB-CcQI" target="_blank" rel="noopener nofollow noreferrer">Azure Sentinel webinar: Understanding Azure Sentinel features and functionality deep dive - YouTube</A>&nbsp;</P>
<H3 id="toc-hId--10687392">Azure Sentinel Community and Contributing</H3>
<P>You can contribute detections, hunting queries, workbooks, Jupyter notebooks and playbooks to the Azure Sentinel user community. Find out more about this here:</P>
<P><A href="https://github.com/Azure/Azure-Sentinel/wiki" target="_blank" rel="noopener noreferrer">https://github.com/Azure/Azure-Sentinel/wiki</A></P>
<P>The Wiki is part of the Azure Sentinel GitHub, which is the central repository for Microsoft and community contributions to Azure Sentinel:&nbsp;<A href="https://github.com/Azure/Azure-Sentinel" target="_blank" rel="noopener noreferrer">https://github.com/Azure/Azure-Sentinel</A></P>
<H2 id="toc-hId--21190496"><A target="_blank" name="_Toc36633553"></A>Creating Your Azure Sentinel Workspace</H2>
<P>Most of you reading this will have already set up your Workspace. If not, here is a quick introduction:</P>
<P><A href="https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard</A></P>
<H3 id="toc-hId-669370978">Automating Azure Sentinel Setup</H3>
<P>Even though this article is focused on setting up a lab environment, it contains a lot of information about automating workspace creation and configuration with Azure Resource Manager (ARM) templates.</P>
<P><A href="https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-to-go-sentinel-lab-w-prerecorded-data-amp-a/ba-p/1260191" target="_blank" rel="noopener">https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-to-go-sentinel-lab-w-prerecorded-data-amp-a/ba-p/1260191</A></P>
<H3 id="toc-hId--1138083485">Other Azure Sentinel Design and Deployment Articles</H3>
<P>These articles are all relatively advanced topics.</P>
<TABLE>
<TBODY>
<TR>
<TD width="127"><P>Cloud &amp; on-prem architecture</P></TD>
<TD width="395"><P><A href="https://youtu.be/_mm3GNwPBHU" target="_blank" rel="noopener nofollow noreferrer">https://youtu.be/_mm3GNwPBHU</A></P></TD>
<TD width="48"><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_4-1585767814538.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181345iFCED64E92D30AAA6/image-size/small?v=1.0&amp;px=200" title="ianhelle_4-1585767814538.png" alt="ianhelle_4-1585767814538.png" /></SPAN></TD>
<TD width="54"><P><STRONG><EM>A</EM></STRONG></P></TD>
</TR>
<TR>
<TD width="127"><P>Managing Multiple Tenants with Azure Lighthouse</P></TD>
<TD width="395"><P><A href="https://techcommunity.microsoft.com/t5/azure-sentinel/using-azure-lighthouse-and-azure-sentinel-to-monitor-across/ba-p/1043899" target="_blank" rel="noopener">https://techcommunity.microsoft.com/t5/azure-sentinel/using-azure-lighthouse-and-azure-sentinel-to-monitor-across/ba-p/1043899</A></P></TD>
<TD width="48"><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_5-1585767814539.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181346i932541C47C779346/image-size/small?v=1.0&amp;px=200" title="ianhelle_5-1585767814539.png" alt="ianhelle_5-1585767814539.png" /></SPAN></TD>
<TD width="54"><P><STRONG><EM>A</EM></STRONG></P></TD>
</TR>
<TR>
<TD width="127"><P>Architect your Sentinel Deployment</P></TD>
<TD width="395"><P><A href="https://techcommunity.microsoft.com/t5/azure-sentinel/best-practices-for-designing-an-azure-sentinel-or-azure-security/ba-p/832574" target="_blank" rel="noopener">https://techcommunity.microsoft.com/t5/azure-sentinel/best-practices-for-designing-an-azure-sentinel-or-azure-security/ba-p/832574</A></P></TD>
<TD width="48"><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_6-1585767814539.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181347iA7CC2615E5145A25/image-size/small?v=1.0&amp;px=200" title="ianhelle_6-1585767814539.png" alt="ianhelle_6-1585767814539.png" /></SPAN></TD>
<TD width="54"><P><STRONG><EM>A</EM></STRONG></P></TD>
</TR>
<TR>
<TD width="127"><P>Running Sentinel alongside Splunk</P></TD>
<TD width="395"><P><A href="https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-side-by-side-with-splunk/ba-p/1211266" target="_blank" rel="noopener">https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-side-by-side-with-splunk/ba-p/1211266</A></P></TD>
<TD width="48"><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_7-1585767814539.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181348i498E1CD817372A02/image-size/small?v=1.0&amp;px=200" title="ianhelle_7-1585767814539.png" alt="ianhelle_7-1585767814539.png" /></SPAN></TD>
<TD width="54"><P><STRONG><EM>A</EM></STRONG></P></TD>
</TR>
<TR>
<TD width="127"><P>Table Level Role Based Access Control</P></TD>
<TD width="395"><P><A href="https://techcommunity.microsoft.com/t5/azure-sentinel/table-level-rbac-in-azure-sentinel/ba-p/965043" target="_blank" rel="noopener">https://techcommunity.microsoft.com/t5/azure-sentinel/table-level-rbac-in-azure-sentinel/ba-p/965043</A></P></TD>
<TD width="48"><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_7-1585767814539.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181348i498E1CD817372A02/image-size/small?v=1.0&amp;px=200" title="ianhelle_7-1585767814539.png" alt="ianhelle_7-1585767814539.png" /></SPAN></P></TD>
<TD width="54"><P><STRONG><EM>A</EM></STRONG></P></TD>
</TR>
<TR>
<TD><P>Deploying and Managing Azure Sentinel as Code</P></TD>
<TD><P><A href="https://techcommunity.microsoft.com/t5/azure-sentinel/deploying-and-managing-azure-sentinel-as-code/ba-p/1131928" target="_blank" rel="noopener">https://techcommunity.microsoft.com/t5/azure-sentinel/deploying-and-managing-azure-sentinel-as-code/ba-p/1131928</A></P></TD>
<TD><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_7-1585767814539.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181348i498E1CD817372A02/image-size/small?v=1.0&amp;px=200" title="ianhelle_7-1585767814539.png" alt="ianhelle_7-1585767814539.png" /></SPAN></P></TD>
<TD><P><STRONG><EM>A</EM></STRONG></P></TD>
</TR>
<TR>
<TD><P>Combining Lighthouse with Sentinel DevOps</P></TD>
<TD><P><A href="https://techcommunity.microsoft.com/t5/azure-sentinel/combining-azure-lighthouse-with-sentinel-s-devops-capabilities/ba-p/1210966" target="_blank" rel="noopener">https://techcommunity.microsoft.com/t5/azure-sentinel/combining-azure-lighthouse-with-sentinel-s-devops-capabilities/ba-p/1210966</A></P></TD>
<TD><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_7-1585767814539.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181348i498E1CD817372A02/image-size/small?v=1.0&amp;px=200" title="ianhelle_7-1585767814539.png" alt="ianhelle_7-1585767814539.png" /></SPAN></P></TD>
<TD><P><STRONG><EM>A</EM></STRONG></P></TD>
</TR>
</TBODY>
</TABLE>
<H2 id="toc-hId--1148586589"><A target="_blank" name="_Toc36633554"></A>Onboarding Data</H2>
<H3 id="toc-hId--458025115">Identifying Critical Data</H3>
<P>The data that is critical to identifying malicious activity will vary from organization to organization. It will likely include many of the following categories:</P>
<TABLE>
<TBODY>
<TR>
<TD width="312"><P><STRONG>Category</STRONG></P></TD>
<TD width="312"><P><STRONG>Examples</STRONG></P></TD>
</TR>
<TR>
<TD width="312"><P>Host/Endpoint Logs</P></TD>
<TD width="312"><P>Log Analytics Agent, Syslog, Auditd, Windows Event Collection</P></TD>
</TR>
<TR>
<TD width="312"><P>Authentication Logs</P></TD>
<TD width="312"><P>Azure Active Directory, AWS CloudTrail</P></TD>
</TR>
<TR>
<TD width="312"><P>Cloud Infrastructure</P></TD>
<TD width="312"><P>Azure Activity, AWS CloudTrail, Azure Storage</P></TD>
</TR>
<TR>
<TD width="312"><P>Cloud Application Logs</P></TD>
<TD width="312"><P>Office 365</P></TD>
</TR>
<TR>
<TD width="312"><P>Network Infrastructure and Device Logs</P></TD>
<TD width="312"><P>Syslog, Azure Network Analytics, OMS Wiredata</P></TD>
</TR>
</TBODY>
</TABLE>
<H3 id="toc-hId-2029487718">Identifying what data is already Onboarded</H3>
<P>How do you know what data you may already have available in Azure Log Analytics? You can use the Workspace Usage workbook for an overview of data usage in your workspace. Alternatively, use the Log Analytics query tool to browse around your data tables and their schema. The KQL <STRONG>search</STRONG> is useful to get a view of how much data you have of each type:</P>
<P>&nbsp;</P>
<P>&nbsp;</P>
<P>More details about querying data in Azure Sentinel can be found in this article:</P>
<P><A href="https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview</A>.</P>
<H3 id="toc-hId--473130224">Costs of Data in Azure Sentinel</H3>
<TABLE>
<TBODY>
<TR>
<TD width="163"><P>Office 365, Azure AD and AWS data are free</P></TD>
<TD width="358"><P><A href="https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/" target="_blank" rel="noopener noreferrer">https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/</A></P></TD>
<TD width="51"><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_1-1585767814537.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181341iEDD900567C6B0E40/image-size/small?v=1.0&amp;px=200" title="ianhelle_1-1585767814537.png" alt="ianhelle_1-1585767814537.png" /></SPAN></P></TD>
<TD width="51"><P>&nbsp;</P></TD>
</TR>
<TR>
<TD width="163"><P>Calculate data storage costs</P></TD>
<TD width="358"><P><A href="https://azure.microsoft.com/en-us/pricing/calculator/?service=azure-sentinel" target="_blank" rel="noopener noreferrer">https://azure.microsoft.com/en-us/pricing/calculator/?service=azure-sentinel</A></P></TD>
<TD width="51"><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_1-1585767814537.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181341iEDD900567C6B0E40/image-size/small?v=1.0&amp;px=200" title="ianhelle_1-1585767814537.png" alt="ianhelle_1-1585767814537.png" /></SPAN></P></TD>
<TD width="51"><P>&nbsp;</P></TD>
</TR>
<TR>
<TD width="163"><P>Custom retention periods for data</P></TD>
<TD width="358"><P><SPAN><A href="https://techcommunity.microsoft.com/t5/azure-sentinel/new-per-data-type-retention-is-now-available-for-azure-sentinel/ba-p/917316" target="_blank" rel="noopener">https://techcommunity.microsoft.com/t5/azure-sentinel/new-per-data-type-retention-is-now-available-for-azure-sentinel/ba-p/917316</A></SPAN></P></TD>
<TD width="51"><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_7-1585767814539.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181348i498E1CD817372A02/image-size/small?v=1.0&amp;px=200" title="ianhelle_7-1585767814539.png" alt="ianhelle_7-1585767814539.png" /></SPAN></P></TD>
<TD width="51"><P><STRONG><EM>A</EM></STRONG></P></TD>
</TR>
</TBODY>
</TABLE>
<H3 id="toc-hId-2014382609">Onboarding new data</H3>
<P>These articles cover the general operation and setup of data connectors and ingestion of data into Azure Sentinel.</P>
<TABLE>
<TBODY>
<TR>
<TD width="130"><P>Quick Start</P></TD>
<TD width="391"><P><A href="https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard</A></P></TD>
<TD width="54"><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_1-1585767814537.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181341iEDD900567C6B0E40/image-size/small?v=1.0&amp;px=200" title="ianhelle_1-1585767814537.png" alt="ianhelle_1-1585767814537.png" /></SPAN></P></TD>
<TD width="48"><P>&nbsp;</P></TD>
</TR>
<TR>
<TD width="130"><P>Getting data into Azure Sentinel</P></TD>
<TD width="391"><P><SPAN><A href="https://www.youtube.com/watch?v=4HuxC-eCegs" target="_blank" rel="noopener nofollow noreferrer">https://www.youtube.com/watch?v=4HuxC-eCegs</A></SPAN></P></TD>
<TD width="54"><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_4-1585767814538.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181345iFCED64E92D30AAA6/image-size/small?v=1.0&amp;px=200" title="ianhelle_4-1585767814538.png" alt="ianhelle_4-1585767814538.png" /></SPAN></P></TD>
<TD width="48"><P>&nbsp;</P></TD>
</TR>
<TR>
<TD width="130"><P>Built-in Connectors</P></TD>
<TD width="391"><P><A href="https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources</A></P></TD>
<TD width="54"><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_1-1585767814537.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181341iEDD900567C6B0E40/image-size/small?v=1.0&amp;px=200" title="ianhelle_1-1585767814537.png" alt="ianhelle_1-1585767814537.png" /></SPAN></P></TD>
<TD width="48"><P>&nbsp;</P></TD>
</TR>
<TR>
<TD width="130"><P>Custom Connectors</P></TD>
<TD width="391"><P><A href="https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-creating-custom-connectors/ba-p/864060" target="_blank" rel="noopener">https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-creating-custom-connectors/ba-p/864060</A></P></TD>
<TD width="54"><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_6-1585767814539.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181347iA7CC2615E5145A25/image-size/small?v=1.0&amp;px=200" title="ianhelle_6-1585767814539.png" alt="ianhelle_6-1585767814539.png" /></SPAN></P></TD>
<TD width="48"><P>&nbsp;</P></TD>
</TR>
</TBODY>
</TABLE>
<H3 id="toc-hId-206928146">Common Data Sources</H3>
<P>Azure Sentinel documentation has many articles covering ingesting data from hosts, Microsoft Security Services and Cloud Services and other common sources. The following table highlights some of these.</P>
<TABLE>
<TBODY>
<TR>
<TD width="124"><P>Windows Security Events</P></TD>
<TD width="398"><P><A href="https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-security-events" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-security-events</A></P></TD>
<TD width="54"><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="ianhelle_1-1585767814537.png" style="width: 200px;"><IMG src="https://gxcuf89792.i.lithium.com/t5/image/serverpage/image-id/181341iEDD900567C6B0E40/image-size/small?v=1.0&amp;px=200" title="ianhelle_1-1585767814537.png" alt="ianhelle_1-1585767814537.png" /></SPAN></P></TD>
%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3EAWS%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22398%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-aws%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-aws%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3EAzure%20Active%20Directory%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22398%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-azure-active-directory%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-azure-active-directory%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22
ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3EOffice%20365%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22398%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-office-365%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-office-365%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3EMicrosoft%20Teams%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22398%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fprotecting-your-teams-with-azure-sentinel%2Fba-p%2F1265761%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fprotecting-your-teams-with-azure-sentinel%2Fba-p%2F1265761%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.co
m%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3EAzure%20Security%20Center%20alerts%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22398%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-azure-security-center%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-azure-security-center%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3EMicrosoft%20Defender%20alerts%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22398%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-microsoft-defender-advanced-threat-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-microsoft-defender-advanced-threat-protection%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22
54%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3ECloud%20App%20Security%20(MCAS)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22398%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-cloud-app-security%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-cloud-app-security%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3EAzure%20Activity%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22398%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-azure-activity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20n
oreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-azure-activity%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3ESyslog%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22398%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-syslog%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-syslog%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22124%22%3E%3CP%3ECEF%20(Common%20Event%20Format)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22398%22%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fc
onnect-common-event-format%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-common-event-format%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20the%20same%20section%20as%20the%20references%20in%20the%20previous%2C%20you%20can%20also%20find%20instructions%20on%20other%20data%20sources%20such%20as%20Azure%20ATP%2C%20Windows%20Firewall%2C%20Azure%20Information%20Protection%2C%20Barracuda%2C%20Citrix%2C%20F5%2C%20ForcePoint%2C%20Squandra%2C%20Symantec%20and%20others.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1600526317%22%20id%3D%22toc-hId--1600526317%22%20id%3D%22toc-hId--1600526317%22%3EOther%20Data%20Sources%3C%2FH3%3E%0A%3CP%3EOther%20references%20on%20importing%20log%20data%20into%20Azure%20Sentinel.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3ELinux%20Auditd%20ingestion%20and%20monitoring%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22391%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fingesting-auditd-configured-for-pam-tty-session-key-logging-into%2Fba-p%2F1113827%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3
A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fingesting-auditd-configured-for-pam-tty-session-key-logging-into%2Fba-p%2F1113827%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EBest%20Practices%20for%20bringing%20in%20Common%20Event%20Framework%20data%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22391%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fbest-practices-for-common-event-format-cef-collection-in-azure%2Fba-p%2F969990%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fbest-practices-for-common-event-format-cef-collection-in-azure%2Fba-p%2F969990%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EUnderstand
ing%20the%20Log%20Analytics%20Agent%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22391%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fplatform%2Flog-analytics-agent%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fplatform%2Flog-analytics-agent%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EBringing%20in%20Proofpoint%20TAP%20logs%20to%20Azure%20Sentinel%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fsending-proofpoint-tap-logs-to-azure-sentinel%2Fba-p%2F767727%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fsending-proofpoint-tap-logs-to-azure-sentinel%2Fba-p%2F767727%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%
20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3E%3CSTRONG%3E%3CEM%3EA%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-886986516%22%20id%3D%22toc-hId-886986516%22%20id%3D%22toc-hId-886986516%22%3EThreat%20Intelligence%20Data%3C%2FH3%3E%0A%3CP%3EThreat%20intelligence%20data%20can%20enhance%20your%20ability%20to%20detect%20malicious%20actions%20in%20detections%2C%20investigations%20and%20hunting.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22131%22%3E%3CP%3EBring%20your%20own%20Threat%20Intel%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22391%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fbring-your-threat-intelligence-to-azure-sentinel%2Fba-p%2F1167546%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fbring-your-threat-intelligence-to-azure-sentinel%2Fba-p%2F1167546%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22131%22%3E%3CP%3EDeep%20Dive%20in%20Threat%20Intelligence%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22391%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FzfoVe4iarto%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferr
er%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fyoutu.be%2FzfoVe4iarto%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_4-1585767814538.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181345iFCED64E92D30AAA6%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_4-1585767814538.png%22%20alt%3D%22ianhelle_4-1585767814538.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1049550666%22%20id%3D%22toc-hId--1049550666%22%20id%3D%22toc-hId--1049550666%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc36633555%22%3E%3C%2FA%3EMonitoring%20Activity%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBasic%20information%20about%20your%20workspace%20is%20available%20in%20the%20Overview%20panel.%20The%20Incidents%20pane%20is%20also%20a%20key%20view%20where%20you%20can%20see%20current%20unresolved%20incidents%20from%20alerts%20(see%20%3CEM%3EDetections%3C%2FEM%3E%20section%20later%20in%20the%20document).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1567044886%22%20id%3D%22toc-hId-1567044886%22%20id%3D%22toc-hId-1567044886%22%3EWorkbooks%3C%2FH3%3E%0A%3CP%3EWorkbooks%20are%20one%20of%20the%20most%20useful%20tools%20in%20monitoring%20ongoing%20operations.%20Workbooks%20are%20a%20type%20of%20interactive%20and%20customizable%20dashboard%20view%20that%20gather%20multiple%20views%20and%20visualizations%20of%20data%20into%20a%20single%20pane.%3C%2FP%3E%0A%3CP%3EThey%20can%20include%20queried%20data%20from%20any%20Azure%20Sentinel%20table%20although%20are%20often%20designed%20to%20show%20multiple%20facets%20of%20one%20specific%20d
ata%20set.%20You%20can%20choose%20from%20a%20variety%20of%20workbooks%20available%20within%20Azure%20Sentinel%20and%20a%20larger%20selection%20in%20the%20Azure%20Sentinel%20GitHub%20repo.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22158%22%3E%3CP%3EWorkbooks%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22363%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ftutorial-monitor-your-data%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ftutorial-monitor-your-data%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22158%22%3E%3CP%3EGitHub%20available%20Workbooks%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22363%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Ftree%2Fmaster%2FWorkbooks%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Ftree%2Fmaster%2FWorkbooks%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_2-1585767814538.png%22%20style%3D%22width%3A%20200px%3B%22%3E%
3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181343i5D66D92C64275414%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_2-1585767814538.png%22%20alt%3D%22ianhelle_2-1585767814538.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--369492296%22%20id%3D%22toc-hId--369492296%22%20id%3D%22toc-hId--369492296%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc36633556%22%3E%3C%2FA%3EDetections%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAzure%20Sentinel%20has%20many%20built-in%20detections.%20You%20can%20supplement%20these%20with%20alerts%20from%20your%20other%20detection%20services%20such%20as%20Azure%20Security%20Center%2C%20Office365%20ATP%2C%20WDATP%20and%20Azure%20ATP.%20You%20can%20also%20create%20your%20own%20detection%20rules%20or%20import%20them%20from%20other%20sources.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--2047864040%22%20id%3D%22toc-hId--2047864040%22%20id%3D%22toc-hId--2047864040%22%3EEnabling%20Azure%20Sentinel%20Detections%3C%2FH3%3E%0A%3CP%3EThese%20references%20describe%20the%20Azure%20Sentinel%20built-in%20detection%20rules%20and%20some%20other%20common%20detection%20sources.%20For%20building%20your%20own%20custom%20detection%20rules%20see%20also%20the%20articles%20in%20the%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3ELog%20Queries%20and%20the%20Kusto%20Query%20Language%3C%2FEM%3E%20section%20later%20in%20the%20document.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EBuilt-in%20Detections%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22391%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ftutorial-detect-threats-built-in%22%20target%3D%22_blank%22%20
rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ftutorial-detect-threats-built-in%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3ECustom%20Analytics%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22391%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ftutorial-detect-threats-custom%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ftutorial-detect-threats-custom%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3ECreate%20Incidents%20from%20Alerts%3C%2FP%3E%0A%3
C%2FTD%3E%0A%3CTD%20width%3D%22391%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fcreate-incidents-from-alerts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fcreate-incidents-from-alerts%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EURL%20Detonation%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22391%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fusing-the-new-built-in-url-detonation-in-azure-sentinel%2Fba-p%2F996229%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fusing-the-new-built-in-url-detonation-in-azure-sentinel%2Fba-p%2F996229%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%
0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EAzure%20Security%20Center%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22391%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fintegrating-azure-security-center-with-azure-sentinel%2Fba-p%2F482847%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fintegrating-azure-security-center-with-azure-sentinel%2Fba-p%2F482847%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EOffice%20365%20Alerts%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22391%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fingesting-office-365-alerts-with-graph-security-api%2Fba-p%2F984888%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fingesting-office-365-alerts-with-graph-security-api%2Fba-p%2F984888%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimag
e-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EMultistage%20attack%20detection%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22391%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ffusion%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ffusion%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EDetection%20Details%20and%20public%20repository%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22391%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Ftree%2Fmaster%2FDetections%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Ftree%2Fmaster%2FDetections%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_2-1585767814538.
png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181343i5D66D92C64275414%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_2-1585767814538.png%22%20alt%3D%22ianhelle_2-1585767814538.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-439648793%22%20id%3D%22toc-hId-439648793%22%20id%3D%22toc-hId-439648793%22%3EExternal%20Detection%20Rule%20Sources%20and%20Providers%3C%2FH3%3E%0A%3CP%3EYou%20can%20also%20integrate%20with%20other%20threat%20detection%20services.%20Sigma%20rules%20are%20a%20particularly%20useful%20source%20of%20detection%20logic.%20The%20Proofpoint%20TAP%20blog%20shows%20a%20general%20mechanism%20for%20importing%20alerts%20from%20a%20REST%20API.%20This%20can%20be%20used%20to%20bring%20Alerts%20from%20many%20providers%20into%20Azure%20Sentinel.%20Many%20of%20the%20data%20providers%20listed%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22128%22%3E%3CP%3EImporting%20Sigma%20Rules%20to%20Azure%20Sentinel%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22394%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fimporting-sigma-rules-to-azure-sentinel%2Fba-p%2F657097%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fimporting-sigma-rules-to-azure-sentinel%2Fba-p%2F657097%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5
145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22128%22%3E%3CP%3ESigma%20and%20SOCPrime%20integration%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22394%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-sigma-and-soc-prime-integration-part-1%2Fba-p%2F1232903%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-sigma-and-soc-prime-integration-part-1%2Fba-p%2F1232903%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22128%22%3E%3CP%3EIngesting%20AlienVault%20OTX%20into%20Azure%20Sentinel%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22394%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fingesting-alien-vault-otx-threat-indicators-into-azure-sentinel%2Fba-p%2F1086566%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fingesting-alien-vault-otx-threat-indicators-into-azure-sentinel%2Fba-p%2F1086566%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%
20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%3CSTRONG%3E%3CEM%3EA%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--798726448%22%20id%3D%22toc-hId--798726448%22%20id%3D%22toc-hId--798726448%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc36633557%22%3E%3C%2FA%3EInvestigations%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1817869104%22%20id%3D%22toc-hId-1817869104%22%20id%3D%22toc-hId-1817869104%22%3EOverview%3C%2FH3%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22132%22%3E%3CP%3EEnd-to-End%20SOC%20scenario%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22390%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DHloK6Ay4h1M%26amp%3Bfeature%3Dyoutu.be%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DHloK6Ay4h1M%26amp%3Bfeature%3Dyoutu.be%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_4-1585767814538.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181345iFCED64E92D30AAA6%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhel
le_4-1585767814538.png%22%20alt%3D%22ianhelle_4-1585767814538.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-10414641%22%20id%3D%22toc-hId-10414641%22%20id%3D%22toc-hId-10414641%22%3EInvestigation%20Graph%3C%2FH3%3E%0A%3CP%3EThe%20investigation%20graph%20is%20the%20hub%20around%20which%20many%20investigation%20tasks%20pivot.%20It%20gives%20you%20an%20interactive%20graphical%20view%20of%20connected%20alerts%20and%20entities%20related%20to%20a%20single%20investigation.%20You%20can%20explore%20the%20context%20of%20each%20item%20in%20the%20investigation%20panel%2C%20add%20related%20entities%20and%20view%20the%20timeline%20of%20the%20attack.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22132%22%3E%3CP%3EInvestigation%20Graph%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22390%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ftutorial-investigate-cases%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ftutorial-investigate-cases%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%
3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1797039822%22%20id%3D%22toc-hId--1797039822%22%20id%3D%22toc-hId--1797039822%22%3ELog%20Queries%20and%20the%20Kusto%20Query%20Language%3C%2FH3%3E%0A%3CP%3EThe%20core%20of%20Azure%20Sentinel%20is%20the%20query%20engine.%20Detections%2C%20Workbooks%2C%20Hunting%20and%20Investigation%20tools%20are%20all%20powered%20by%20the%20Log%20Analytics%20query%20engine.%20You%20will%20need%20to%20have%20some%20understanding%20of%20Kusto%20in%20order%20to%20do%20ad%20hoc%20querying%20or%20create%20new%20detection%20alerts.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22127%22%3E%3CP%3EIntroduction%20to%20Log%20Query%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22394%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Flog-query%2Flog-query-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Flog-query%2Flog-query-overview%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22127%22%3E%3CP%3EAzure%20Sentinel%20Correlation%20%E2%80%93%20Join%20operator%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22394%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microso
ft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-correlation-rules-the-join-kql-operator%2Fba-p%2F1041500%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-correlation-rules-the-join-kql-operator%2Fba-p%2F1041500%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22127%22%3E%3CP%3EAzure%20Sentinel%20Correlation%20%E2%80%93%20make_list%2Fin%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22394%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-correlation-rules-active-lists-out-make-list-in%2Fba-p%2F1029225%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-correlation-rules-active-lists-out-make-list-in%2Fba-p%2F1029225%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3
CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22127%22%3E%3CP%3EDeep%20dive%20on%20correlation%20Rules%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22394%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FpJjljBT4ipQ%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fyoutu.be%2FpJjljBT4ipQ%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_4-1585767814538.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181345iFCED64E92D30AAA6%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_4-1585767814538.png%22%20alt%3D%22ianhelle_4-1585767814538.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22127%22%3E%3CP%3EKQL%20Functions%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22394%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fusing-kql-functions-to-speed-up-analysis-in-azure-sentinel%2Fba-p%2F712381%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fusing-kql-functions-to-speed-up-analysis-in-azure-sentinel%2Fba-p%2F712381%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-158576
7814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%3CSTRONG%3E%3CEM%3EA%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22127%22%3E%3CP%3EKQL%20Reference%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22394%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fkusto%2Fquery%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fkusto%2Fquery%2F%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22127%22%3E%3CP%3EIntroduction%20to%20KQL%20(Pluralsight)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22394%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fapp.pluralsight.com%2Flibrary%2Fcourses%2Fkusto-query-language-kql-from-scratch%2Ftable-of-contents%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fapp.pluralsight.com%2Flibrary%2Fcourses%2Fkusto-query-language-kql-from-scratch%2Ftable-of-contents%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_4-1585767814538.png%22%20style%3D%22
width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181345iFCED64E92D30AAA6%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_4-1585767814538.png%22%20alt%3D%22ianhelle_4-1585767814538.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22127%22%3E%3CP%3EIncluding%20external%20data%20in%20your%20queries%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22394%22%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fimplementing-lookups-in-azure-sentinel-part-1-reference-files%2Fba-p%2F1091306%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fimplementing-lookups-in-azure-sentinel-part-1-reference-files%2Fba-p%2F1091306%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%3CSTRONG%3E%3CEM%3EA%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-690473011%22%20id%3D%22toc-hId-690473011%22%20id%3D%22toc-hId-690473011%22%3EWorkbooks%3C%2FH3%3E%0A%3CP%3EUsing%20workbooks%20to%20show%20multiple%20views%20of%20related%20data%20can%20help%20you%20understand%20the%20context%20of%20different%20elements%20involved%20in%20a%20potential%20
attack.%20If%20an%20attack%20is%20confirmed%2C%20they%20can%20also%20help%20you%20understand%20the%20connections%20and%20further%20understand%20blast%20radius.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22158%22%3E%3CP%3EWorkbooks%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22363%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ftutorial-monitor-your-data%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ftutorial-monitor-your-data%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22158%22%3E%3CP%3EGitHub%20available%20Workbooks%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22363%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Ftree%2Fmaster%2FWorkbooks%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Ftree%2Fmaster%2FWorkbooks%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2254%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_2-1585767814538.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F
%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181343i5D66D92C64275414%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_2-1585767814538.png%22%20alt%3D%22ianhelle_2-1585767814538.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2248%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1246064171%22%20id%3D%22toc-hId--1246064171%22%20id%3D%22toc-hId--1246064171%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc36633558%22%3E%3C%2FA%3EHunting%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThreat%20hunting%20can%20identify%20previously%20undetected%20malicious%20activity%20in%20your%20environment.%20As%20well%20as%20spotting%20potentially%20malicious%20activities%2C%20you%20can%20use%20your%20hunting%20findings%20to%20create%20detection%20rules%20that%20will%20alert%20on%20these%20patterns%20in%20the%20future.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1370531381%22%20id%3D%22toc-hId-1370531381%22%20id%3D%22toc-hId-1370531381%22%3EThreat%20Hunting%20and%20Investigation%20Techniques%3C%2FH3%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EGeneral%20Threat%20Hunting%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22346%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fidentifying-threat-hunting-opportunities-in-your-data%2Fba-p%2F915721%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fidentifying-threat-hunting-opportunities-in-your-data%2Fba-p%2F915721%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2
Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EUsing%20Bookmarks%20in%20hunting%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22346%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fbookmarks%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fbookmarks%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EUsing%20Livestream%20in%20hunting%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22346%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Flivestream%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Flivestream%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20i
mage-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3ETracking%20High%20Value%20Accounts%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22346%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-performing-additional-security-monitoring-of-high%2Fba-p%2F430740%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-performing-additional-security-monitoring-of-high%2Fba-p%2F430740%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EUsing%20Time%20series%20analysis%20to%20detect%20anomalous%20patterns%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22346%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Ftime-series-visualization-of-palo-alto-logs-to-detect-data%2Fba-p%2F666344%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Eh
ttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Ftime-series-visualization-of-palo-alto-logs-to-detect-data%2Fba-p%2F666344%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Flooking-for-unknown-anomalies-what-is-normal-time-series%2Fba-p%2F555052%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Flooking-for-unknown-anomalies-what-is-normal-time-series%2Fba-p%2F555052%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%3CSTRONG%3E%3CEM%3EA%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EIdentifying%20Network%20Beaconing%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22346%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fdetect-network-beaconing-via-intra-request-time-delta-patterns%2Fba-p%2F779586%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fdetect-network-beaconing-via-intra-request-time-delta-patterns%2Fba-p%2F779586%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%
3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%3CSTRONG%3E%3CEM%3EA%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EOffice%20365%20specific%20threat%20hunting%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22346%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Foffice-365-email-activity-and-data-exfiltration-detection%2Fba-p%2F1169652%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Foffice-365-email-activity-and-data-exfiltration-detection%2Fba-p%2F1169652%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%3CSTRONG%3E%3CEM%3EA%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3ETaking%20a%20known%20breach%20and%20looking%20at%20your%20environment%20-%20Capital%20One%20Breach%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22346%22%3E%3CP%3EPart%201%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhunting-for-capital-one-breach-ttps-in-aws-logs-using-azure%2Fba-p%2F1014258%22%20target%3D%22_blank%22%20rel%3D%22
noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhunting-for-capital-one-breach-ttps-in-aws-logs-using-azure%2Fba-p%2F1014258%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EPart%202%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhunting-for-capital-one-breach-ttps-in-aws-logs-using-azure%2Fba-p%2F1019767%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhunting-for-capital-one-breach-ttps-in-aws-logs-using-azure%2Fba-p%2F1019767%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%3CSTRONG%3E%3CEM%3EA%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22130%22%3E%3CP%3EGitHub%20available%20Hunting%20queries%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22346%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Ftree%2Fmaster%2FHunting%2520Queries%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Ftree%2Fmaster%2FHunting%2520Queries%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_2-1585767814538.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fima
ge%2Fserverpage%2Fimage-id%2F181343i5D66D92C64275414%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_2-1585767814538.png%22%20alt%3D%22ianhelle_2-1585767814538.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2274%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--436923082%22%20id%3D%22toc-hId--436923082%22%20id%3D%22toc-hId--436923082%22%3EWorkbooks%3C%2FH3%3E%0A%3CP%3EWorkbooks%20can%20help%20you%20easily%20identify%20trends%2C%20blast%20radius%20and%20areas%20for%20further%20investigation.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22128%22%3E%3CP%3EMapping%20your%20users'%20travel%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22352%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhow-to-use-azure-sentinel-to-follow-a-users-travel-and-map-their%2Fba-p%2F981716%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhow-to-use-azure-sentinel-to-follow-a-users-travel-and-map-their%2Fba-p%2F981716%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22128%22%3E%3CP%3EMap%20security%20events%20across%20the%20globe%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%223
52%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhow-to-use-azure-monitor-workbooks-to-map-sentinel-data%2Fba-p%2F971818%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhow-to-use-azure-monitor-workbooks-to-map-sentinel-data%2Fba-p%2F971818%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22128%22%3E%3CP%3EGitHub%20available%20Workbooks%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22352%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Ftree%2Fmaster%2FWorkbooks%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Ftree%2Fmaster%2FWorkbooks%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_2-1585767814538.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181343i5D66D92C64275414%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_2-1585767814538.png%22%20alt%3D%22ianhelle_2-1585767814538.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272%22%3E%
3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-2050589751%22%20id%3D%22toc-hId-2050589751%22%20id%3D%22toc-hId-2050589751%22%3EJupyter%20Notebooks%3C%2FH3%3E%0A%3CP%3EJupyter%20Notebooks%20for%20advanced%20investigations%20allow%20for%20extensive%20customization%2C%20bringing%20in%20multiple%20disparate%20tools%20and%20methods%20available%20across%20the%20cyber%20security%20landscape.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22134px%22%20height%3D%2284px%22%3E%3CP%3EGetting%20started%20with%20Jupyter%20Notebooks%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22359px%22%20height%3D%2284px%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fnotebooks%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fnotebooks%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272px%22%20height%3D%2284px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272px%22%20height%3D%2284px%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22134px%22%20height%3D%2284px%22%3E%3CP%3EUsing%20Jupyter%20notebooks%20in%20an%20investigation%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22359px%22%20height%3D%2284px%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazur
e-sentinel%2Fwhat-am-i-looking-at-using-notebooks-to-gain-situational%2Fba-p%2F891818%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fwhat-am-i-looking-at-using-notebooks-to-gain-situational%2Fba-p%2F891818%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272px%22%20height%3D%2284px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272px%22%20height%3D%2284px%22%3E%3CP%3E%3CSTRONG%3E%3CEM%3EA%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22134px%22%20height%3D%22327px%22%3E%3CP%3E3%20part%20series%20on%20Security%20Investigations%20using%20Jupyter%20Notebooks%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22359px%22%20height%3D%22327px%22%3E%3CP%3EPart%201%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fsecurity-investigation-with-azure-sentinel-and-jupyter-notebooks%2Fba-p%2F432921%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fsecurity-investigation-with-azure-sentinel-and-jupyter-notebooks%2Fba-p%2F432921%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EPart%202%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fsecurity-investigation-with-azure-sentinel-and-jupyter-notebooks%2Fba-p%2F483466%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fsecurity-investigation-with-azure-sentinel-and-jupy
ter-notebooks%2Fba-p%2F483466%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EPart%203%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fsecurity-investigation-with-azure-sentinel-and-jupyter-notebooks%2Fba-p%2F561413%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fsecurity-investigation-with-azure-sentinel-and-jupyter-notebooks%2Fba-p%2F561413%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272px%22%20height%3D%22327px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272px%22%20height%3D%22327px%22%3E%3CP%3E%3CSTRONG%3E%3CEM%3EA%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22134px%22%20height%3D%2284px%22%3E%3CP%3ELinux%20Host%20Explorer%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22359px%22%20height%3D%2284px%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fexplorer-notebook-series-the-linux-host-explorer%2Fba-p%2F1138273%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fexplorer-notebook-series-the-linux-host-explorer%2Fba-p%2F1138273%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272px%22%20height%3D%2284px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2
Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272px%22%20height%3D%2284px%22%3E%3CP%3E%3CSTRONG%3E%3CEM%3EA%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22134px%22%20height%3D%22111px%22%3E%3CP%3EUsing%20Threat%20Intel%20in%20your%20Jupyter%20Notebook%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22359px%22%20height%3D%22111px%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fusing-threat-intelligence-in-your-jupyter-notebooks%2Fba-p%2F860239%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fusing-threat-intelligence-in-your-jupyter-notebooks%2Fba-p%2F860239%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272px%22%20height%3D%22111px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272px%22%20height%3D%22111px%22%3E%3CP%3E%3CSTRONG%3E%3CEM%3EA%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22134px%22%20height%3D%2284px%22%3E%3CP%3EJupyter%20Notebook%20repository%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22359px%22%20height%3D%2284px%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel-Notebooks%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noope
ner%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel-Notebooks%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272px%22%20height%3D%2284px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_2-1585767814538.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181343i5D66D92C64275414%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_2-1585767814538.png%22%20alt%3D%22ianhelle_2-1585767814538.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272px%22%20height%3D%2284px%22%3E%3CP%3E%3CSTRONG%3E%3CEM%3EA%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22134px%22%20height%3D%22165px%22%3E%3CP%3EMSTICPY%20%E2%80%93%20InfoSec%20defenders%20Python%20library%20for%20Jupyter%20Notebooks%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22359px%22%20height%3D%22165px%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FMicrosoft%2Fmsticpy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FMicrosoft%2Fmsticpy%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272px%22%20height%3D%22165px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_2-1585767814538.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181343i5D66D92C64275414%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_2-1585767814538.png%22%20alt%3D%22ianhelle_2-1585767814538.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272px%22%20height%3D%22165px%22%3E%3CP%3E%3CSTRONG%3E%3CEM%3EA%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FT
D%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-114052569%22%20id%3D%22toc-hId-114052569%22%20id%3D%22toc-hId-114052569%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc36633559%22%3E%3C%2FA%3ERemediation%20and%20Automation%3C%2FH2%3E%0A%3CH1%20id%3D%22toc-hId--1124322672%22%20id%3D%22toc-hId--1124322672%22%20id%3D%22toc-hId--1124322672%22%3E%26nbsp%3B%3C%2FH1%3E%0A%3CP%3ERespond%20to%20threats%20automatically%20using%20Playbooks%20to%20allow%20for%20rapid%20response%20and%20blocking%20of%20attacks.%20Playbooks%20are%20implemented%20using%20Azure%20Logic%20Apps.%20Using%20them%2C%20you%20can%20create%20complex%20workflows%20involving%20notifications%2C%20requesting%20approvals%2C%20reading%20from%20and%20updating%20data%20sources%20using%20a%20variety%20of%20services%20such%20as%20Teams%2C%20Office%20365%2C%20ServiceNow%20and%20others.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22151%22%3E%3CP%3EHow%20to%20run%20a%20playbook%20in%20Azure%20Sentinel%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22329%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ftutorial-respond-threats-playbook%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ftutorial-respond-threats-playbook%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_1-1585767814537.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181341iEDD900567C6B0E40%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_1-1585767814537.png%22%20alt%3D%22ianhelle_1-1585767814537.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP
%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22151%22%3E%3CP%3EPlaybooks%20available%20on%20GitHub%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22329%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Ftree%2Fmaster%2FPlaybooks%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Ftree%2Fmaster%2FPlaybooks%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_2-1585767814538.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181343i5D66D92C64275414%2Fimage-size%2Fsmall%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_2-1585767814538.png%22%20alt%3D%22ianhelle_2-1585767814538.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22151%22%3E%3CP%3EAzure%20Logic%20Apps%20overview%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22329%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Flogic-apps%2Flogic-apps-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Flogic-apps%2Flogic-apps-overview%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22ianhelle_6-1585767814539.png%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181347iA7CC2615E5145A25%2Fimage-size%2Fsm
all%3Fv%3D1.0%26amp%3Bpx%3D200%22%20title%3D%22ianhelle_6-1585767814539.png%22%20alt%3D%22ianhelle_6-1585767814539.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2272%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1492272880%22%20id%3D%22toc-hId-1492272880%22%20id%3D%22toc-hId-1492272880%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc36633560%22%3E%3C%2FA%3ECommunity%20Articles%20and%20Resources%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20following%20table%20is%20a%20list%20of%20articles%20from%20the%20Azure%20Sentinel%20Community%20Wiki.%20New%20content%20is%20being%20added%20frequently%20so%20be%20sure%20to%20check%20this%20location%20directly.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Fwiki%2FCommunity-Publications%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Fwiki%2FCommunity-Publications%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20width%3D%22600%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22400%22%3E%3CP%3E%3CSTRONG%3ETitle%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22105%22%3E%3CP%3E%3CSTRONG%3EAuthor%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2294%22%3E%3CP%3E%3CSTRONG%3EType%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.linkedin.com%2Fcontent-guest%2Farticle%2Fmaking-you-azure-sentinel-workbooks-multi-tenant-javier-soriano%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMaking%20your%20Azure%20Sentinel%20Workbooks%20multi-tenant%20(or%20multi-workspace)%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fes.linkedin.
com%2Fin%2Fsorianojavier%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EJavier%20Soriano%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3Eblog%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22400%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fazsec.azurewebsites.net%2F2019%2F12%2F09%2Fsecurity-monitoring-and-detection-tips-for-your-storage-account-part-1%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESecurity%20Monitoring%20and%20Detection%20Tips%20for%20your%20Storage%20Account%20%E2%80%93%20Part%201%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fazsec.azurewebsites.net%2F2019%2F12%2F09%2Fsecurity-monitoring-and-detection-tips-for-your-storage-account-part-2%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESecurity%20Monitoring%20and%20Detection%20Tips%20for%20your%20Storage%20Account%20%E2%80%93%20Part%202%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fazsec.azurewebsites.net%2F2019%2F12%2F20%2Fsecurity-monitoring-and-detection-tips-for-your-storage-account-part-3%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESecurity%20Monitoring%20and%20Detection%20Tips%20for%20your%20Storage%20Account%20%E2%80%93%20Part%203%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fazsec.azurewebsites.net%2F2019%2F12%2F31%2Fsecurity-monitoring-and-detection-tips-for-your-storage-account-part-4%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESecurity%20Monitoring%20and%20Detection%20Tips%20for%20your%20Storage%20Account%20%E2%80%93%20Part%204%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22105%22%3E%3CP%3E%3CA%20href%3D%22https%
3A%2F%2Fwww.linkedin.com%2Fin%2Fthuansoldier%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EThuan%20Nguyen%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2294%22%3E%3CP%3Eblog%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22400%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.linkedin.com%2Fpulse%2Fcurious-case-saas-3rd-party-azure-sentinel-nathan-swift%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EThe%20curious%20case%20of%20SaaS%203rd%20party%20into%20Azure%20Sentinel%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22105%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2FSwiftSolves%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ENathan%20Swift%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2294%22%3E%3CP%3Eblog%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22400%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmarcusbakker%2FKQL%2Fblob%2Fmaster%2Fkql_cheat_sheet.pdf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EKQL%20Cheat%20Sheet%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22105%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2FBakk3rM%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMarcus%20Bakker%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2294%22%3E%3CP%3ECheatSheet%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22400%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmedium.com%2Fwortell%2Fadvanced-multistage-attack-detection-real-machine-learning-for-the-real-world-2d9548276ea1%22%20target%3D%22_blank%22%20rel%3D%22noopene
r%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20Sentinel%3A%20advanced%20multistage%20attack%20detection%20%E2%80%94%20real%20machine%20learning%20for%20the%20real%20world%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22105%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2Fmaarten_goet%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMaarten%20Goet%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2294%22%3E%3CP%3Eblog%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22400%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.managedsentinel.com%2Fwp-content%2Fuploads%2F2019%2F11%2Fazure_sentinel_design_v24.pdf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20Sentinel%20Design%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22105%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2FAdiGri%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAdrian%20Grigorof%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2294%22%3E%3CP%3EInfographics%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22400%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmedium.com%2Fwortell%2Fazure-sentinel-designing-access-and-authorizations-that-meet-the-enterprise-needs-501bfdafaa5f%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20Sentinel%3A%20designing%20access%20and%20authorizations%20that%20meet%20the%20enterprise%20needs%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22105%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2Fmaarten_goet%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener
%20noreferrer%20noopener%20noreferrer%22%3EMaarten%20Goet%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2294%22%3E%3CP%3Eblog%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22400%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmedium.com%2Fwortell%2Fazure-sentinel-automating-your-use-cases-with-powershell-and-the-azsentinel-module-380606e601f5%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20Sentinel%3A%20automating%20your%20Use%20Cases%20with%20PowerShell%20and%20the%20%23AzSentinel%20module%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22105%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2Fmaarten_goet%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMaarten%20Goet%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2294%22%3E%3CP%3Eblog%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22400%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DhejkFDTdLRs%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EDerbycon2019-Azure%20Sentinel%20A%20first%20look%20at%20Microsofts%20SIEM%20Solution%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22105%22%3E%3CP%3ECarl%20Hertz%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2294%22%3E%3CP%3EVideo%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22400%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FBlueTeamLabs%2Fsentinel-attack%2Fblob%2Fmaster%2Fdocs%2FDEFCON_attacking_the_sentinel.pdf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EATT%26amp%3BCKing%20the%20Sentinel%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22105%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2Fnetever
Microsoft

Introduction

This article is a collection of resources for Azure Sentinel designed to get you up and running with the service as quickly as possible. It is organized by broad topic area to allow you to quickly navigate to your area of interest. Most topics are broken down into groups of related articles.


 

Most of the resources in this article are listed in tables with a short title and a link to the resource. The final two columns in the table show the type of resource and an indication if the topic is relatively advanced or specialized.

 

Resource types: Blog, Azure Document, GitHub Location, Video/Webinar

 

Advanced articles are indicated with a bold A.

 

Note: many of the video/webinar links have a companion deck. You can view the full list here.


 

 

Overview

 

If you are new to Azure Sentinel or need a refresher on the core components you should read this overview document.

https://docs.microsoft.com/en-us/azure/sentinel/overview

 

If you find terms in this document that you are not familiar with, you should refer back to the Azure Sentinel Overview to clarify them.

 

This webinar is also a useful, more technical overview of Azure Sentinel features:

Azure Sentinel webinar: Understanding Azure Sentinel features and functionality deep dive - YouTube 

 

Azure Sentinel Community and Contributing

You can contribute detections, hunting queries, workbooks, Jupyter notebooks and playbooks to the Azure Sentinel user community. Find out more about this here:

https://github.com/Azure/Azure-Sentinel/wiki

 

The Wiki is part of the Azure Sentinel GitHub, which is the central repository for Microsoft and community contributions to Azure Sentinel: https://github.com/Azure/Azure-Sentinel

 

Creating Your Azure Sentinel Workspace

 

Most of you reading this will have already set up your Workspace. If not, here is a quick introduction:

https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard

 

Automating Azure Sentinel Setup

Even though this article is focused on setting up a lab environment, it contains a lot of information about automating workspace creation and configuration with Azure Resource Manager (ARM) templates.

https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-to-go-sentinel-lab-w-prerecorde...

 

Other Azure Sentinel Design and Deployment Articles

These articles are all relatively advanced topics.

Cloud & on-prem architecture: https://youtu.be/_mm3GNwPBHU (A)
Managing Multiple tenants with Azure Lighthouse: https://techcommunity.microsoft.com/t5/azure-sentinel/using-azure-lighthouse-and-azure-sentinel-to-m... (A)
Architect your Sentinel Deployment: https://techcommunity.microsoft.com/t5/azure-sentinel/best-practices-for-designing-an-azure-sentinel... (A)
Running Sentinel alongside Splunk: https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-side-by-side-with-splunk/ba-p/1... (A)
Table Level Role Based Access Control: https://techcommunity.microsoft.com/t5/azure-sentinel/table-level-rbac-in-azure-sentinel/ba-p/965043 (A)
Deploying and Managing Azure Sentinel as Code: https://techcommunity.microsoft.com/t5/azure-sentinel/deploying-and-managing-azure-sentinel-as-code/... (A)
Combining Lighthouse with Sentinel DevOps: https://techcommunity.microsoft.com/t5/azure-sentinel/combining-azure-lighthouse-with-sentinel-s-dev... (A)

 

Onboarding Data

 

Identifying Critical Data

The data that is critical to identifying malicious activity will vary from organization to organization. It will likely include many of the following categories:

 

Category: Examples
Host/Endpoint Logs: Log Analytics Agent, Syslog, Auditd, Windows Event Collection
Authentication Logs: Azure Active Directory, AWS CloudTrail
Cloud Infrastructure: Azure Activity, AWS CloudTrail, Azure Storage
Cloud Application Logs: Office 365
Network Infrastructure and Device Logs: Syslog, Azure Network Analytics, OMS Wiredata

 

Identifying what data is already Onboarded

How do you know what data you may have already available in Azure Log Analytics? You can use the Workspace Usage workbook for an overview of data usage in your workspace. Alternatively, use the Log Analytics query tool to browse around your data tables and their schema. The KQL search is useful to get a view of how much data you have of each type:

 

 

More details about querying data in Azure Sentinel can be found in this article:

https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview.

 

Costs of Data in Azure Sentinel

 

Office 365, Azure AD and AWS data are free: https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/
Calculate data storage costs: https://azure.microsoft.com/en-us/pricing/calculator/?service=azure-sentinel
Custom retention periods for data: https://techcommunity.microsoft.com/t5/azure-sentinel/new-per-data-type-retention-is-now-available-f... (A)

 

Onboarding new data

These articles cover the general operation and setup of data connectors and ingestion of data into Azure Sentinel.

 

Quick Start: https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard
Getting data into Azure Sentinel: https://www.youtube.com/watch?v=4HuxC-eCegs
Built-in Connectors: https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources
Custom Connectors: https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-creating-custom-connectors/ba-p...

 

 

Common Data Sources

Azure Sentinel documentation has many articles covering ingesting data from hosts, Microsoft Security Services and Cloud Services and other common sources. The following table highlights some of these.

 

Windows Security Events: https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-security-events
AWS: https://docs.microsoft.com/en-us/azure/sentinel/connect-aws
Azure Active Directory: https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-active-directory
Office 365: https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365
Microsoft Teams: https://techcommunity.microsoft.com/t5/azure-sentinel/protecting-your-teams-with-azure-sentinel/ba-p...
Azure Security Center alerts: https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-security-center
Microsoft Defender alerts: https://docs.microsoft.com/en-us/azure/sentinel/connect-microsoft-defender-advanced-threat-protectio...
Cloud App Security (MCAS): https://docs.microsoft.com/en-us/azure/sentinel/connect-cloud-app-security
Azure Activity: https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-activity
Syslog: https://docs.microsoft.com/en-us/azure/sentinel/connect-syslog
CEF (Common Event Format): https://docs.microsoft.com/en-us/azure/sentinel/connect-common-event-format

 

 

In the same section as the references in the previous table, you can also find instructions on other data sources such as Azure ATP, Windows Firewall, Azure Information Protection, Barracuda, Citrix, F5, ForcePoint, Squadra, Symantec and others.

 

Other Data Sources

Other references on importing log data into Azure Sentinel.

 

Linux Auditd ingestion and monitoring: https://techcommunity.microsoft.com/t5/azure-sentinel/ingesting-auditd-configured-for-pam-tty-sessio...
Best Practices for bringing in Common Event Framework data: https://techcommunity.microsoft.com/t5/azure-sentinel/best-practices-for-common-event-format-cef-col...
Understanding the Log Analytics Agent: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent
Bringing in Proofpoint TAP logs to Azure Sentinel: https://techcommunity.microsoft.com/t5/azure-sentinel/sending-proofpoint-tap-logs-to-azure-sentinel/... (A)

 

Threat Intelligence Data

Threat intelligence data can enhance your ability to detect malicious actions in detections, investigations and hunting.

 

Bring your own Threat Intel: https://techcommunity.microsoft.com/t5/azure-sentinel/bring-your-threat-intelligence-to-azure-sentin...
Deep Dive in Threat Intelligence: https://youtu.be/zfoVe4iarto

 

 

 

Monitoring Activity

 

Basic information about your workspace is available in the Overview panel. The Incidents pane is also a key view where you can see current unresolved incidents from alerts (see Detections section later in the document).

 

Workbooks

Workbooks are one of the most useful tools in monitoring ongoing operations. Workbooks are a type of interactive and customizable dashboard view that gather multiple views and visualizations of data into a single pane.

They can include queried data from any Azure Sentinel table, although they are often designed to show multiple facets of one specific data set. You can choose from a variety of workbooks available within Azure Sentinel and a larger selection in the Azure Sentinel GitHub repo.

 

Workbooks

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-monitor-your-data


 

GitHub available Workbooks

https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks


 

 

 

Detections

 

Azure Sentinel has many built-in detections. You can supplement these with alerts from your other detection services such as Azure Security Center, Office365 ATP, WDATP and Azure ATP. You can also create your own detection rules or import them from other sources.

 

Enabling Azure Sentinel Detections

These references describe the Azure Sentinel built-in detection rules and some other common detection sources. For building your own custom detection rules, see also the articles in the Log Queries and the Kusto Query Language section later in the document.

 

Built-in Detections

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-built-in


 

Custom Analytics

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom


 

Create Incidents from Alerts

https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts


 

URL Detonation

https://techcommunity.microsoft.com/t5/azure-sentinel/using-the-new-built-in-url-detonation-in-azure...


 

Azure Security Center

https://techcommunity.microsoft.com/t5/azure-sentinel/integrating-azure-security-center-with-azure-s...


 

Office 365 Alerts

https://techcommunity.microsoft.com/t5/azure-sentinel/ingesting-office-365-alerts-with-graph-securit...


 

Multistage attack detection

https://docs.microsoft.com/en-us/azure/sentinel/fusion


 

Detection Details and public repository

https://github.com/Azure/Azure-Sentinel/tree/master/Detections


 

 

External Detection Rule Sources and Providers

You can also integrate with other threat detection services. Sigma rules are a particularly useful source of detection logic. The Proofpoint TAP blog shows a general mechanism for importing alerts from a REST API. This can be used to bring alerts from many providers into Azure Sentinel. Many of the data providers listed

 

Importing Sigma Rules to Azure Sentinel

https://techcommunity.microsoft.com/t5/azure-sentinel/importing-sigma-rules-to-azure-sentinel/ba-p/6...


 

Sigma and SOCPrime integration

https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-sigma-and-soc-prime-integration...


 

Ingesting AlienVault OTX into Azure Sentinel

https://techcommunity.microsoft.com/t5/azure-sentinel/ingesting-alien-vault-otx-threat-indicators-in...


 

 

Investigations

 

Overview

 

End-to-End SOC scenario

https://www.youtube.com/watch?v=HloK6Ay4h1M&feature=youtu.be


 

 

 

Investigation Graph

The investigation graph is the hub around which many investigation tasks pivot. It gives you an interactive graphical view of connected alerts and entities related to a single investigation. You can explore the context of each item in the investigation panel, add related entities and view the timeline of the attack.

 

Investigation Graph

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-investigate-cases


 

 

Log Queries and the Kusto Query Language

The core of Azure Sentinel is the query engine. Detections, Workbooks, Hunting and Investigation tools are all powered by the Log Analytics query engine. You will need to have some understanding of Kusto in order to do ad hoc querying or create new detection alerts.

 

Introduction to Log Query

https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview


 

Azure Sentinel Correlation – Join operator

https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-correlation-rules-the-join-kql-...


 

Azure Sentinel Correlation – make_list/in

https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-correlation-rules-active-lists-...


 

Deep dive on correlation Rules

https://youtu.be/pJjljBT4ipQ


 

KQL Functions

https://techcommunity.microsoft.com/t5/azure-sentinel/using-kql-functions-to-speed-up-analysis-in-az...


KQL Reference

https://docs.microsoft.com/en-us/azure/kusto/query/


 

Introduction to KQL (Pluralsight)

https://app.pluralsight.com/library/courses/kusto-query-language-kql-from-scratch/table-of-contents


 

Including external data in your queries

https://techcommunity.microsoft.com/t5/azure-sentinel/implementing-lookups-in-azure-sentinel-part-1-...


 

Workbooks

Using workbooks to show multiple views of related data can help you understand the context of different elements involved in a potential attack. If an attack is confirmed, they can also help you understand the connections and further understand the blast radius.

 

Workbooks

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-monitor-your-data


 

GitHub available Workbooks

https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks


 

 

Hunting

 

Threat hunting can identify previously undetected malicious activity in your environment. As well as spotting potentially malicious activities, you can use your hunting findings to create detection rules that will alert on these patterns in the future.

 

Threat Hunting and Investigation Techniques

 

General Threat Hunting

https://techcommunity.microsoft.com/t5/azure-sentinel/identifying-threat-hunting-opportunities-in-yo...


 

Using Bookmarks in hunting

https://docs.microsoft.com/en-us/azure/sentinel/bookmarks


 

Using Livestream in hunting

https://docs.microsoft.com/en-us/azure/sentinel/livestream


 

Tracking High Value Accounts

https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-performing-additional-security-...


 

Using Time series analysis to detect anomalous patterns

https://techcommunity.microsoft.com/t5/azure-sentinel/time-series-visualization-of-palo-alto-logs-to...

 

https://techcommunity.microsoft.com/t5/azure-sentinel/looking-for-unknown-anomalies-what-is-normal-t...


Identifying Network Beaconing

https://techcommunity.microsoft.com/t5/azure-sentinel/detect-network-beaconing-via-intra-request-tim...


Office 365 specific threat hunting

https://techcommunity.microsoft.com/t5/azure-sentinel/office-365-email-activity-and-data-exfiltratio...


Taking a known breach and looking at your environment - Capital One Breach

Part 1 - https://techcommunity.microsoft.com/t5/azure-sentinel/hunting-for-capital-one-breach-ttps-in-aws-log...

Part 2 - https://techcommunity.microsoft.com/t5/azure-sentinel/hunting-for-capital-one-breach-ttps-in-aws-log...


GitHub available Hunting queries

https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries


 

 

Workbooks

Workbooks can help you easily identify trends, blast radius and areas for further investigation.

 

Mapping your users travel

https://techcommunity.microsoft.com/t5/azure-sentinel/how-to-use-azure-sentinel-to-follow-a-users-tr...


 

Map security events across the globe

https://techcommunity.microsoft.com/t5/azure-sentinel/how-to-use-azure-monitor-workbooks-to-map-sent...


 

GitHub available Workbooks

https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks


 

 

Jupyter Notebooks

Jupyter Notebooks for advanced investigations allow for extensive customization, bringing in multiple disparate tools and methods available across the cyber security landscape.

 

Getting started with Jupyter Notebooks

https://docs.microsoft.com/en-us/azure/sentinel/notebooks


 

Using Jupyter notebooks in an investigation

https://techcommunity.microsoft.com/t5/azure-sentinel/what-am-i-looking-at-using-notebooks-to-gain-s...


3 part series on Security Investigations using Jupyter Notebooks

Part 1 - https://techcommunity.microsoft.com/t5/azure-sentinel/security-investigation-with-azure-sentinel-and...

Part 2 - https://techcommunity.microsoft.com/t5/azure-sentinel/security-investigation-with-azure-sentinel-and...

Part 3 - https://techcommunity.microsoft.com/t5/azure-sentinel/security-investigation-with-azure-sentinel-and...


Linux Host Explorer

https://techcommunity.microsoft.com/t5/azure-sentinel/explorer-notebook-series-the-linux-host-explor...


Using Threat Intel in your Jupyter Notebook

https://techcommunity.microsoft.com/t5/azure-sentinel/using-threat-intelligence-in-your-jupyter-note...


Jupyter Notebook repository

https://github.com/Azure/Azure-Sentinel-Notebooks


MSTICPY – InfoSec defenders Python library for Jupyter Notebooks

https://github.com/Microsoft/msticpy


 

Remediation and Automation

 

Respond to threats automatically using Playbooks to allow for rapid response and blocking of attacks. Playbooks are implemented using Azure Logic Apps. Using them, you can create complex workflows involving notifications, requesting approvals, and reading from and updating data sources using a variety of services such as Teams, Office 365, ServiceNow and others.

 

How to run a playbook in Azure Sentinel

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook


 

Playbooks available on GitHub

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks


 

Azure Logic Apps overview

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview


 

 

Community Articles and Resources

 

The following table is a list of articles from the Azure Sentinel Community Wiki. New content is being added frequently so be sure to check this location directly.

https://github.com/Azure/Azure-Sentinel/wiki/Community-Publications

 

| Title | Author | Type |
| --- | --- | --- |
| Making your Azure Sentinel Workbooks multi-tenant (or multi-workspace) | Javier Soriano | blog |
| Security Monitoring and Detection Tips for your Storage Account – Part 1 / Part 2 / Part 3 / Part 4 | Thuan Nguyen | blog |
| The curious case of SaaS 3rd party into Azure Sentinel | Nathan Swift | blog |
| KQL Cheat Sheet | Marcus Bakker | CheatSheet |
| Azure Sentinel: advanced multistage attack detection — real machine learning for the real world | Maarten Goet | blog |
| Azure Sentinel Design | Adrian Grigorof | Infographics |
| Azure Sentinel: designing access and authorizations that meet the enterprise needs | Maarten Goet | blog |
| Azure Sentinel: automating your Use Cases with PowerShell and the #AzSentinel module | Maarten Goet | blog |
| Derbycon2019-Azure Sentinel A first look at Microsofts SIEM Solution | Carl Hertz | Video |
| ATT&CKing the Sentinel | Edoardo Gerosa & Olaf Hartong | Slides |
| Getting started using Microsoft Azure Sentinel Cloud Native SIEM | Chiheb Chebbi | blog |
| How to onboard Raspberry PI on Azure Sentinel | Antonio Formato | blog |
| Azure Sentinel: helping your SOC with investigation and hunting | Maarten Goet | blog |
| Protect yourself against CVE-2019–0708 aka #BlueKeep using Azure Sentinel and Microsoft Defender ATP | Maarten Goet | blog |
| Using Sysmon in Azure Sentinel | Olaf Hartong | blog |
| Azure Sentinel — Investigation Preview | Mag1cM0n | blog |
| The Journey to Azure Sentinel (Deploy Azure Sentinel) | Eli Shlomo | blog |
| Azure Sentinel — Microsoft Defender ATP: Automatic Advanced Hunting | Antonio Formato | blog |
| Azure Sentinel SIEM Architecture | Adrian Grigorof | Infographics |
| Connect Azure Sentinel to a ticketing system using the Microsoft Graph Security API | Azure Vlog-Youtube | Video |
| Azure Sentinel — MineMeld. Bring Your Own Threat Intelligence feeds | Antonio Formato | blog |
| Supercharge your PowerShell defenses with Azure Sentinel, MITRE ATT&CK and Sigma | Maarten Goet | blog |
| Protecting against malicious payloads over DNS using Azure Sentinel | Maarten Goet | blog |
| Syslog to Azure Sentinel | Irek Romaniuk | blog |
| Visualize your Azure Sentinel data with Grafana | Maarten Goet | blog |
| Azure Sentinel: design considerations | Maarten Goet | blog |
| Azure Sentinel FUSION: machine learning for a SecOps world | Maarten Goet | blog |
| Microsoft Azure Sentinel: not your daddy’s Splunk | Maarten Goet | blog |
| Series of experiments with Azure Sentinel Public Preview Part 1 Part 2 Part 3 Part 4 Part 5 Part 6 Part 7 Part 8 Part 9 | Adrian Grigorof | blog |

 

Other Resources

 

General

 

Azure Sentinel Documentation

https://docs.microsoft.com/en-us/azure/sentinel/

Azure Sentinel Technical Community Blog

https://techcommunity.microsoft.com/t5/forums/postpage/board-id/AzureSentinelBlog

 

Azure Sentinel Community Publications

https://github.com/Azure/Azure-Sentinel/wiki/Community-Publications

Security Community Webinars

https://techcommunity.microsoft.com/t5/security-privacy-compliance/security-community-webinars/m-p/9...

 

Customer Stories

 

SWC Technology Partners

https://customers.microsoft.com/en-us/story/741469-swctechnologypartners-partnerprofessionalservices...

ASOS

https://customers.microsoft.com/en-us/story/751656-asos-retailer-azure-sentinel

Avanade

https://customers.microsoft.com/en-us/story/751679-avanade-professional-services-azure-sentinel

 

Conclusion

 

We hope that you have found this article a useful guide to documentation and resources for Azure Sentinel. This article is not intended to replace central documentation resources like Azure Docs. We will try to update this with new and changed resources until something more permanent is in place. We welcome any feedback on additional content to include.

 

Contributions

@ianhelle, @shainw, @Ajeet76, @Pete Bryan

 

3 Comments

Thanks for Sharing this Awesome Overview with the Community :cool:

Occasional Visitor

This is simply awesome. Thank you to everyone for sharing this link.

Contributor

Thank you!