<LINGO-SUB id="lingo-sub-1302131" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1302131" slang="en-US">
<P>Hi <A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/293879" target="_blank">@Ofer_Shezaf</A>, awesome collection Ofer - thanks very much for the time taken on this.</P>
<P>Just a few typos that might have crept in:<BR />The first link in Module 2 is not a presentation but loops back to this page?</P>
<P>In Module 6 &amp; 11 the Deck link is to the Presentation &amp; the Presentation link is the MP4 recording.</P>
<P>In Module 9 the Presentation link loops back to this page? But is this also part of the 3 files that are tucked away at the bottom of the page? ;)</P>
<P>Stay safe</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1302216" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1302216" slang="en-US">
<P>Thanks <A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/129396" target="_blank">@David Caddick</A>! I hope I have fixed them all.</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1304511" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1304511" slang="en-US">
<P>Thank you for sharing this awesome Azure Sentinel training with the community <IMG class="lia-deferred-image lia-image-emoji" src="https://gxcuf89792.i.lithium.com/html/images/emoticons/cool_40x40.gif" alt=":cool:" title=":cool:" /></P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1304691" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1304691" slang="en-US">
<P>Nice work <A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/293879" target="_blank">@Ofer_Shezaf</A>! Do you have any certification or exam as part of this training?</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1305043" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1305043" slang="en-US">
<P><A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/293879" target="_blank">@Ofer_Shezaf</A> - Brilliant work &amp; good to see all in one pack.</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1306639" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1306639" slang="en-US">
<P>Hi guys, I am not able to get the presentations.</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1306694" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1306694" slang="en-US">
<P>Only managed to download the presentation for modules 4 and 6.</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1306827" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1306827" slang="en-US">
<P>Hi</P>
<P>Awesome - is there some "Baseline/Best Practice/minimum" for Sentinel - in deploying-&gt;configuring/settings/data collectors/rules template setup?</P>
<P>Hope the question makes sense :D</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1308637" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1308637" slang="en-US">
<P>Hey <A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/293879" target="_blank">@Ofer_Shezaf</A></P>
<P>This is wonderful, perfect time when in the covid wait, thank you ;)</P>
<P>~Moe</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1309120" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1309120" slang="en-US">
<P>Thank you <A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/293879" target="_blank">@Ofer_Shezaf</A>!</P>
<P>We are glad for these sessions as we also have some extra time!</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1312013" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1312013" slang="en-US">
<P><A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/108979" target="_blank">@Taen keren</A>: Sentinel implementation is very use case specific - different users deploy it for different goals. A way to start would be to pick the sources you are most interested in monitoring and protecting. The connector page for those sources has analytics rules, workbooks and queries which would be the starting point, listed on the "what's next" tab.</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1312542" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1312542" slang="en-US">
<P><A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/387181" target="_blank">@joseph2165</A></P>
<P>The training blog is extensive but informal. Currently certification is only as part of AZ-500, but it is at a much higher level. I agree that it is a good idea and will check how to do something like that.</P>
<P>~ Ofer</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1312546" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1312546" slang="en-US">
<P><A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/621358" target="_blank">@Tmothibi</A>: I was able to and did not hear of the issue from other people. Does it work now? If not, can you share with me privately the error/issue details?</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1313783" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1313783" slang="en-US">
<P>Hello,</P>
<P>Are the video links from 3 &amp; 4 supposed to be the same? They both (on YouTube and OneDrive) point to the same videos.</P>
<P>Really enjoying this link so far, so thanks for creating it.</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1319137" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1319137" slang="en-US">
<P>Hi <A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/625098" target="_blank">@fad3r</A>: Yes, they are the same. I presented both topics in a single webinar. I will replace (3) this week as I am doing an updated webinar dedicated to this topic.</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1328489" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1328489" slang="en-US">
<P><A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/293879" target="_blank">@Ofer_Shezaf</A> AZ-500 is going to be updated next month and there is only one small item about Sentinel in the new listing of topics, see <A href="https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE3VC70" target="_blank" rel="noopener noreferrer">https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE3VC70</A>. Could you please work with the exam team to get more Sentinel questions added?</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1338349" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1338349" slang="en-US">
<P>Hi <A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/293879" target="_blank">@Ofer_Shezaf</A>, first of all thank you for the training contents; it is really wonderful.</P>
<P>Do we have plans to launch certification as well for Azure Sentinel Level 400 Ninja?</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1338363" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1338363" slang="en-US">
<P><A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/276809" target="_blank">@Nitish_Anand</A>: After posting the program I learned that many would have liked to have such a certificate. I am looking into this, but we have no short-term plans around it as of yet.</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1381777" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1381777" slang="en-US">
<P><A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/293879" target="_blank">@Ofer_Shezaf</A> Can you provide me the end-to-end architecture diagram for SOAR? For instance, how will the communication happen between an on-prem data center Palo Alto/Check Point firewall and Sentinel to block a malicious IP address or port in the Palo Alto/Check Point firewall? What are all the components involved in SOAR? What are all the prerequisites?</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1388946" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1388946" slang="en-US">
<P><A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/573980" target="_blank">@Vijaymkm</A>: refer to <A href="https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-connection" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-connection</A> for details on how to connect Logic Apps, our SOAR engine, to on-prem resources.</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1408127" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1408127" slang="en-US">
<P>Thank you for this <A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/293879" target="_blank">@Ofer_Shezaf</A>. This is great; I was looking for consolidated documentation that is a deep dive!</P>
<P>~egal</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1448027" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1448027" slang="en-US">
<P>Thanks for the great info; sharing with my LinkedIn network.</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1455841" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1455841" slang="en-US">
<P>A great collection of resources, thank you <A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/293879" target="_blank">@Ofer_Shezaf</A></P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1460959" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1460959" slang="en-US">
<DIV><FONT>Hi Ofer,</FONT></DIV>
<DIV><FONT>Under <STRONG>Module 13: Hunting</STRONG>, <EM>"Threat Hunting - AWS using Sentinel, webinar on April 22nd, register here."</EM></FONT></DIV>
<DIV><FONT>Should've already happened? But I can't find the YouTube video. If it never took place, maybe handy to remove it from the list?</FONT></DIV>
<DIV><FONT>- Jurgen</FONT></DIV>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1461293" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1461293" slang="en-US">
<P><A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/696143" target="_blank">@Jurgen790</A>: Thanks for the reminder. Updated.</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1538918" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1538918" slang="en-US">
<P><A href="https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/293879" target="_blank">@Ofer_Shezaf</A> can you share the complete list of connectors for security products, i.e. firewall (Check Point, Palo Alto, Cisco, etc.), IPS, anti-malware, URL filtering, etc.? I am unable to find <A href="https://docs.microsoft.com/en-us/connectors/connector-reference/" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/connectors/connector-reference/</A>. I am wondering how we can perform SOAR functions using Logic Apps without connectors.</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1682890" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1682890" slang="en-US">
<P>Super useful content; really liked the design sessions.</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1747833" slang="en-US">Re: Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1747833" slang="en-US">
<P>Thanks for sharing!</P>
</LINGO-BODY>
<LINGO-SUB id="lingo-sub-1246310" slang="en-US">Become an Azure Sentinel Ninja: The complete level 400 training</LINGO-SUB>
<LINGO-BODY id="lingo-body-1246310" slang="en-US">
<P>I have been delivering level 400 Azure Sentinel training for a while, and over time most of the training modules were recorded as webinars. In this blog post, I walk you through the Azure Sentinel level 400 training and help you become an Azure Sentinel master.</P>
<PRE>Already did the Ninja training? Focus only on <A href="https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-ninja-training-the-july-2020-update/ba-p/1537247" target="_self">recent updates</A>!</PRE>
<H2 id="toc-hId--1359172486">Curriculum</H2>
<P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Curriculum.jpg" style="width: 999px;"><IMG src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/183841i98A9D4F89F6EE81E/image-size/large?v=1.0&amp;px=999" role="button" title="Curriculum.jpg" alt="Curriculum.jpg" /></SPAN></P>
<P>This training program includes 16 modules. For each module, the post includes a presentation, preferably recorded (where it is not yet, we are working on the recording), as well as supporting information: relevant product documentation, blog posts, and other resources.<BR /><BR />The modules listed below are split into five groups following the life cycle of a SOC:</P>
<H3 id="toc-hId--668611012">Overview</H3>
<P>- Module 1: Technical overview</P>
<P>- Module 2: Azure Sentinel role</P>
<H3 id="toc-hId-1818901821">Designing Your Deployment</H3>
<P>- Module 3: Cloud architecture and multi-workspace/tenant support</P>
<P>- Module 4: Collecting events</P>
<P>- Module 5: Log management</P>
<P>- Module 6: Integrating threat intelligence</P>
<H3 id="toc-hId-11447358">Creating Content</H3>
<P>- Module 7: Kusto Query Language (KQL) - the starting point</P>
<P>- Module 8: Writing rules to implement detection</P>
<P>- Module 9: Creating playbooks to implement SOAR</P>
<P>- Module 10: Creating workbooks to implement dashboards and apps</P>
<P>- Module 11: Implementing use cases</P>
<H3 id="toc-hId--1796007105">Security Operations</H3>
<P>- Module 12: A day in a SOC analyst's life, incident management, and investigation</P>
<P>- Module 13: Hunting</P>
<H3 id="toc-hId-691505728">Advanced Topics</H3>
<P>- Module 14: Automating and integrating</P>
<P>- Module 15: Roadmap - since it requires an NDA, contact your Microsoft contact for details.</P>
<P>- Module 16: Where to go next?</P>
<H3 id="toc-hId--1115948735">What you will not find here</H3>
<P>Basic procedures, including <A href="https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard" target="_self" rel="noopener noreferrer">onboarding</A> Azure Sentinel and <A href="https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources" target="_self" rel="noopener noreferrer">connecting data sources</A>, are best described in the <A href="https://docs.microsoft.com/en-us/azure/sentinel/" target="_self" rel="noopener noreferrer">documentation</A>.</P>
<H2 id="toc-hId--1126451839">Module 1: Technical overview</H2>
<TABLE border="1" width="100%">
<TBODY>
<TR>
<TD style="width: 15%;"><STRONG>Start Here</STRONG></TD>
<TD style="width: 85%;">
<P>If you want an initial overview of Azure Sentinel's technical capabilities. This presentation also serves as the Azure Sentinel Level 200 presentation:</P>
<UL>
<LI>Webinar: <A href="https://1drv.ms/v/s%21AnEPjr8tHcNmggMkcVweWOqoxuN9" target="_blank" rel="noopener nofollow noreferrer">MP4</A>, <A href="https://youtu.be/7An7BB-CcQI" target="_blank" rel="noopener nofollow noreferrer">YouTube</A></LI>
<LI><A href="https://1drv.ms/b/s!AnEPjr8tHcNmgjrN_zHpzbnfX_mX" target="_self" rel="noopener nofollow noreferrer">Presentation</A> (updated)</LI>
</UL>
</TD>
</TR>
<TR>
<TD style="width: 15%;"><STRONG>Want only a bird's-eye view?</STRONG></TD>
<TD style="width: 85%;">
<P>If you just want to understand what Azure Sentinel is, my favorite starting point is <A href="https://www.youtube.com/watch?feature=youtu.be&amp;v=oiWInLYvnUk" target="_self" rel="noopener nofollow noreferrer">Sarah Young's laid-back video interview on Azure Sentinel</A>. Adwait Joshi and Ram Shankar's series is also good to watch:</P>
<UL>
<LI><A href="https://www.youtube.com/watch?v=2RuMhCmva4E" target="_blank" rel="noopener nofollow noreferrer">Part 1: Get started with a cloud-native SIEM</A></LI>
<LI><A href="https://www.youtube.com/watch?v=DqUeQFgue-M&amp;t=357s" target="_blank" rel="noopener nofollow noreferrer">Part 2: Built-in AI to detect threats faster</A></LI>
<LI><A href="https://www.youtube.com/watch?v=rBPfDUOqkQo" target="_blank" rel="noopener nofollow noreferrer">Part 3: Investigate and automate threat responses</A></LI>
</UL>
</TD>
</TR>
</TBODY>
</TABLE>
<H2 id="toc-hId-1361060994">Module 2: How is Azure Sentinel used?</H2>
<TABLE border="1" width="100%">
<TBODY>
<TR>
<TD style="width: 15%;"><STRONG>Start Here</STRONG></TD>
<TD style="width: 85%;"><SPAN data-preserver-spaces="true">Still at level 200: what are the typical uses of Azure Sentinel? What are customers finding in it, and also, how is it priced? All in this </SPAN><A class="_e75a791d-denali-editor-page-rtfLink" href="https://techcommunity.microsoft.com/gxcuf89792/attachments/gxcuf89792/AzureSentinelBlog/243/1/L400-P2%20Use%20cases.pdf" target="_blank" rel="noopener"><SPAN data-preserver-spaces="true">presentation</SPAN></A></TD>
</TR>
<TR>
<TD style="width: 15%;"><STRONG>As part of the Microsoft Security stack</STRONG></TD>
<TD style="width: 85%;">
<UL>
<LI><A href="https://aka.ms/azuresecuritycompass" target="_self" rel="noop
ener%20noreferrer%20noopener%20noreferrer%22%3EThe%20Azure%20Security%20compass%3C%2FA%3E%3A%20Azure%20Sentinel%20as%20part%20of%20the%20Microsoft%20Security%20story%3C%2FLI%3E%0A%3CLI%3EUsing%20Sentinel%2C%20Azure%20Defender%20(ASC)%20and%20Microsoft%20Defender%20(MTP)%20to%20detect%20and%20response%20to%20a%20webshell%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fanalysing-web-shell-attacks-with-azure-defender-data-in-azure%2Fba-p%2F1724130%22%20target%3D%22_self%22%3EBlog%20Post%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fvideo-hub%2Fwebshell-attack-deep-dive%2Fm-p%2F1698964%22%20target%3D%22_self%22%3EVideo%20demo%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2015%25%3B%22%3E%0A%3CH3%20id%3D%22toc-hId-2051622468%22%20id%3D%22toc-hId-2051622468%22%3E%3CSTRONG%3EThe%20side%20by%20side%20use%20case%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2085%25%3B%22%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fsending-alerts-enriched-with-supporting-events-from-azure%2Fba-p%2F1456976%22%20target%3D%22_self%22%3ESending%20alerts%20enriched%20with%20supporting%20events%20from%20Azure%20Sentinel%20to%203rd%20party%20SIEMs%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-incident-bi-directional-sync-with-servicenow%2Fba-p%2F1667771%22%20target%3D%22_self%22%3EAzure%20Sentinel%20Incident%20Bi-directional%20sync%20with%20ServiceNow%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2015%25%3B%22%3E%0A%3CH3%20id%3D%22toc-hId--450995474%22%20id%3D%22toc-hId--450995474%22%3E%3CSTRONG%3EThe%20MSSP%20use%20case%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2085%25%3B%22%3E%0A%3CP%3EMost%20information%20ab
out%20MSSP%20support%20is%20included%20in%20the%20next%20Module%2C%20cloud%20architecture%20and%20mult-tenant%20support.%20In%20aMSSPs%20will%20find%20this%20useful%3A%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fprotecting-mssp-s-intellectual-property-in-azure-sentinel%2Fba-p%2F1420941%22%20target%3D%22_self%22%3EProtecting%20MSSP%E2%80%99s%20Intellectual%20Property%20in%20Azure%20Sentinel%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2020%2F07%2F14%2Fmicrosoft-intelligent-security-association-managed-security-service-providers%2F%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EList%20of%20MSSPs%20using%20Azure%20Sentinel%3C%2FA%3E%20to%20provide%20their%20service%20who%20are%20members%20MISA%20(Microsoft%20Intelligent%20Security%20Association).%20There%20many%20other%20MSSPs%2C%20especially%20regional%20and%20smaller%2C%20that%20use%20Azure%20Sentinel%20but%20are%20not%20MISA%20members.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2015%25%3B%22%3E%0A%3CH3%20id%3D%22toc-hId-2036517359%22%20id%3D%22toc-hId-2036517359%22%3E%3CSTRONG%3ELearn%20from%20users%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2085%25%3B%22%3E%0A%3CP%3EThousands%20of%20organizations%20and%20service%20providers%20are%20using%20Azure%20Sentinel.%20As%20usual%20with%20security%20products%2C%20most%20do%20not%20go%20public%20about%20that.%20Still%20there%20are%20some.%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EYou%20can%20find%20public%20%3CA%20style%3D%22background-color%3A%20%23ffffff%3B%22%20href%3D%22https%3A%2F%2Fcustomers.microsoft.com%2Fen-us%2Fsearch%3Fsq%3D%2522Azure%2520Sentinel%2520%2522%26amp%3Bff%3D%26amp%3Bp%3D0%26amp%3Bso%3Dstory_publish_date%2520desc%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ecustomer%20use%
20cases%20here%2C%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20style%3D%22font-family%3A%20inherit%3B%20background-color%3A%20%23ffffff%3B%22%20href%3D%22https%3A%2F%2Fwww.insightcdct.com%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EInsight%3C%2FA%3E%3CSPAN%20style%3D%22font-family%3A%20inherit%3B%22%3E%20released%20a%20use%20case%20about%20%3C%2FSPAN%3E%3CA%20style%3D%22font-family%3A%20inherit%3B%20background-color%3A%20%23ffffff%3B%22%20href%3D%22https%3A%2F%2Fwww.insightcdct.com%2FResources%2FCase-Studies%2FCase-Studies%2FNBA-Team-Adopts-Azure-Sentinel-for-a-Modern-Securi%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ean%20NBA%20team%20adapting%20Sentinel%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EStuart%20Gregg%2C%26nbsp%3BSecurity%20Operations%20Manager%20%40%20ASOS%2C%20posted%20a%20much%20more%20detailed%20%3CA%20href%3D%22https%3A%2F%2Fmedium.com%2F%40stuart.gregg%2Fproactive-phishing-with-azure-sentinel-part-1-b570fff3113%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eblog%20post%20from%20his%20experience%20with%20Azure%20Sentinel%2C%20focusing%20on%20hunting%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2015%25%3B%22%3E%0A%3CH3%20id%3D%22toc-hId-229062896%22%20id%3D%22toc-hId-229062896%22%3E%3CSTRONG%3EPrice%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2085%25%3B%22%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fcalculator%2F%3Fservice%3Dazure-sentinel%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20Sentinel%20pricing%20calculator%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fdetails%2Fazure-sentinel%2F%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%
22%3EAzure%20Sentinel%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fdetails%2Fmonitor%2F%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ELog%20Analytics%3C%2FA%3E%20pricing%20pages%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1707474286%22%20id%3D%22toc-hId--1707474286%22%3EModule%203%3A%20Cloud%20architecture%20and%20multi-workspace%2Ftenant%20support%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAn%20Azure%20Sentinel%20instance%20is%20called%20a%20workspace.%20Multiple%20workspaces%20are%20often%20necessary%20and%20can%20act%20together%20as%20a%20single%20Azure%20Sentinel%20system.%20A%20special%20use%20case%20is%20providing%20service%20using%20Azure%20Sentinel%2C%20for%20example%20by%20an%20MSSP%20(Managed%20Security%20Service%20Provider)%20or%20by%20a%20Global%20SOC%20in%20a%20large%20organization.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20border%3D%221%22%20width%3D%22100%25%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2210%25%22%3E%3CSTRONG%3EStart%20here%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2290%25%22%3E%0A%3CUL%3E%0A%3CLI%3EWebinar%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fv%2Fs!AnEPjr8tHcNmgkqH7MASAKIg8ql8%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FhwahlwgJPnE%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E%26nbsp%3B%3CFONT%20size%3D%222%22%3E(updated%20April%2020th%202020)%3C%2FFONT%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fb%2Fs!AnEPjr8tHcNmgkkYuxOITkGSI7x8%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPresentation%3C%2FA%3E%26nbsp%3B%3CFONT
%20size%3D%222%22%3E(updated%20April%2020th%202020)%3C%2FFONT%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fextend-sentinel-across-workspaces-tenants%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EDocumentation%3A%26nbsp%3BExtend%20Azure%20Sentinel%20across%20workspaces%20and%20tenants%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2210%25%22%3E%3CSTRONG%3ELearn%20more%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2290%25%22%3E%0A%3CUL%3E%0A%3CLI%3ELearn%20how%20to%20manage%20Azure%20Sentinel%20using%20CD%2FCI%20methodology%20and%20a%20GitHub%20repository%20in%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fdeploying-and-managing-azure-sentinel-as-code%2Fba-p%2F1131928%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EDeploying%20and%20Managing%20Azure%20Sentinel%20as%20Code%3C%2FA%3E%26nbsp%3Bas%20well%20as%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fcombining-azure-lighthouse-with-sentinel-s-devops-capabilities%2Fba-p%2F1210966%22%20target%3D%22_self%22%3E%20extend%20this%20capability%20across%20workspaces%20and%20tenants%20using%20Azure%20Lighthouse%3C%2FA%3E.%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3EUse%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Flog-query%2Fcross-workspace-query%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EKQL%20queries%20in%20Azure%20Sentinel%20across%20workspaces%3C%2FA%3E%20to%20combine%20multiple%20workspaces%20into%20a%20single%20system.%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3EUse%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fcontrolling-access-to-azure-sentinel-data-resource-rbac%2Fba-p%2F1301463%22%20target%3D%22_self%22%3E%20resource%20RBAC%3C%2FA%3E%20to%20enable%20multiple%20teams%20to%20use%20a%20single%20works
pace.%3C%2FLI%3E%0A%3CLI%3EUse%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fplatform%2Fprivate-link-security%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Eprivate%20links%3C%2FA%3E%26nbsp%3Bto%20ensure%20logs%20never%20leave%20your%20private%20network.%26nbsp%3B%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-780038547%22%20id%3D%22toc-hId-780038547%22%3EModule%204%3A%20Collecting%20events%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20border%3D%221%22%20width%3D%22100%25%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2210%25%22%3E%3CSTRONG%3EStart%20Here%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2290%25%22%3E%0A%3CUL%3E%0A%3CLI%3EOverview%20webinar%20(includes%20Module%203)%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2F_mm3GNwPBHU%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fv%2Fs%2521AnEPjr8tHcNmggvs6o4EcxYTgvV6%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fb%2Fs!AnEPjr8tHcNmgjuszn8-jty5Gbx7%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EDeck%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EThe%20log%20forwarder%20deep%20dive%20webinar%20(plus%20a%20bonus%3A%20learn%20how%20to%20use%20it%20to%20filter%20events)%3A%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2Fjtv-k2CyH-g%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fv%2Fs!AnEPjr8tHcNmg13iygEzKzKzKKPf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow
%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fb%2Fs!AnEPjr8tHcNmg17QwR3scS4N4DiJ%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EDeck%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2210%25%22%3E%3CSTRONG%3ELearn%20More%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2290%25%22%3E%0A%3CUL%3E%0A%3CLI%3EFormal%20documentation%20about%20the%26nbsp%3B%3CA%20tabindex%3D%22-1%22%20title%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-data-sources%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-data-sources%22%20target%3D%22_blank%22%20rel%3D%22noreferrer%20noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ebuilt-in%20connectors%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EThe%20grand%20list%3C%2FSTRONG%3E%3A%26nbsp%3B%3CA%20tabindex%3D%22-1%22%20title%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-syslog-cef-and-other-3rd-party-connectors-grand%2Fba-p%2F803891%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Sentinel%2FAzure-Sentinel-Syslog-CEF-and-other-3rd-party-connectors-grand%2Fba-p%2F803891%22%20target%3D%22_blank%22%20rel%3D%22noreferrer%20noopener%22%3EFind%20here%20the%20many%20sources%20that%20Sentinel%20can%20collect%20from%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EMicrosoft%20sources%3C%2FSTRONG%3E%3A%26nbsp%3B%26nbsp%3B%3CA%20tabindex%3D%22-1%22%20title%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-collecting-logs-from-microsoft-services-and%2Fba-p%2F792669%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Sentinel%2FAzure-Sentinel-Collecting-logs-from-Microsoft-Services-and%2Fba-p%2F792669%22%20target%3D%22_blank%22%20rel%3D%22noreferrer%20noop
ener%22%3ECollecting%20logs%20from%20Microsoft%20Services%20and%20Applications%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EThe%20Log%20Analytics%20agent%20(a.k.a%20OMS%20Agent)%3C%2FSTRONG%3E%3A%26nbsp%3B%3CA%20tabindex%3D%22-1%22%20title%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-agent-collecting-telemetry-from-on-prem-and-iaas%2Fba-p%2F811760%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Sentinel%2FAzure-Sentinel-Agent-Collecting-telemetry-from-on-prem-and-IaaS%2Fba-p%2F811760%22%20target%3D%22_blank%22%20rel%3D%22noreferrer%20noopener%22%3ECollecting%20telemetry%20from%20on-prem%20and%20IaaS%20server%20using%20the%20Log%20Analytics%20agent%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3ECustom%3C%2FSTRONG%3E%3A%26nbsp%3B%3CA%20tabindex%3D%22-1%22%20title%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-creating-custom-connectors%2Fba-p%2F864060%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Sentinel%2FAzure-Sentinel-Creating-Custom-Connectors%2Fba-p%2F864060%22%20target%3D%22_blank%22%20rel%3D%22noreferrer%20noopener%22%3ECreating%20Custom%20Connectors%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1027415916%22%20id%3D%22toc-hId--1027415916%22%3EModule%205%3A%20Log%20Management%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EWe%20are%20working%20on%20a%20presentation%20for%20this%20module%2C%20meanwhile%20here%20are%20some%20important%20pointers%20to%20learn%20more%20from%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1589179636%22%20id%3D%22toc-hId-1589179636%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EStorage%20Management%3C%2FSPAN%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22http
s%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcli%2Fazure%2Fmonitor%2Flog-analytics%2Fworkspace%2Fdata-export%3Fview%3Dazure-cli-latest%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EExport%20from%20Azure%20Sentinel%20%2F%20Log%20Analytics%20to%20Azure%20Storage%20ot%20an%20Event%20Hub%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fmove-your-azure-sentinel-logs-to-long-term-storage-with-ease%2Fba-p%2F1407153%22%20target%3D%22_self%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EMove%20Logs%20to%20Long-Term%20Storage%20using%20Logic%20Apps%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3ESet%20fine-grained%20retention%20periods%20using%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fpremier-field-engineering%2Fazure-log-analytics-data-retention-by-type-in-real-life%2Fba-p%2F1416287%22%20target%3D%22_self%22%3Etable%20level%20retention%20settings%3C%2FA%3E%3C%2FSPAN%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%26nbsp%3B(and%26nbsp%3B%3C%2FSPAN%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fnew-per-data-type-retention-is-now-available-for-azure-sentinel%2Fba-p%2F917316%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Edocumentation%3C%2FA%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E)%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--218274827%22%20id%3D%22toc-hId--218274827%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3ELogs%20Security%3C%2FSPAN%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EManage%20access%20to%20data%20using%26nbsp%3B%3C%2FSPAN%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft
5%2Fazure-sentinel%2Ftable-level-rbac-in-azure-sentinel%2Fba-p%2F965043%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3Etable%20Level%20RBAC%3C%2FSPAN%3E%3C%2FA%3E%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3EUse%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fcontrolling-access-to-azure-sentinel-data-resource-rbac%2Fba-p%2F1301463%22%20target%3D%22_self%22%3E%20resource%20RBAC%3C%2FA%3E%20to%20enable%20multiple%20teams%20to%20use%20a%20single%20workspace.%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EManage%26nbsp%3B%3C%2FSPAN%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Fazure-monitor%2Fplatform%2Fpersonal-data-mgmt%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EPII%20management%20delete%20data%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%26nbsp%3Bfrom%20your%20workspaces%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EAudit%20queries%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%3CA%20href%3D%22http%3A%2F%2F%2520https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Flog-query%2Fquery-audit%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Edocumentation%3C%2FA%3E%3C%2FSPAN%3E%26nbsp%3Band%20a%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fauditing-azure-sentinel-activities%2Fba-p%2F1718328%22%20target%3D%22_self%22%3Eblog%20on%20how%20to%20use%20them%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--2025729290%22%20id%3D%22toc-hId--2025729290%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EVisualization%20and%20analysis%3C%2FSPAN%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.youtube
.com%2Fwatch%3Fv%3DRx7rJhjzTZA%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EGet%20Sentinel%20data%20into%20Excel%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-332700824%22%20id%3D%22toc-hId-332700824%22%3EModule%206%3A%20Threat%20Intelligence%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20border%3D%221%22%20width%3D%22100%25%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3EStart%20Here%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3EWebinar%3A%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FzfoVe4iarto%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E%3C%2FSPAN%3E%3CSPAN%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fv%2Fs!AnEPjr8tHcNmgi8zazMLahRyycPf%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%3C%2FSPAN%3E%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fb%2Fs!AnEPjr8tHcNmgi0pABN930p56id_%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPresentation%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EThe%20blog%20post%20%22%3C%2FSPAN%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fbring-your-threat-intelligence-to-azure-sentinel%2Fba-p%2F1167546%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3Ebring%20your%20threat%20intelligence%20to%20Azure%20Sentinel.%3
C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%22%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3ELearn%20More%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fconnect-x-force-exchange-api-on-azure-sentinel%2Fba-p%2F1246880%22%20target%3D%22_self%22%3EUse%20TAXII%20to%20connect%20X-Force%20threat%20intelligence%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fingesting-alien-vault-otx-threat-indicators-into-azure-sentinel%2Fba-p%2F1086566%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EIngesting%20Alien%20Vault%20OTX%20Threat%20Indicators%20into%20Azure%20Sentinel%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fmay-the-quot-ti-quot-be-with-you-connect-threatconnect-tip-with%2Fba-p%2F1460379%22%20target%3D%22_self%22%3E%3CSPAN%3EConnect%20ThreatConnect%20TIP%20with%20Azure%20Sentinel%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CDIV%20class%3D%22wiki-section-and-add%22%3E%0A%3CDIV%20id%3D%22section-6%22%20class%3D%22ts-wiki-section%22%20tabindex%3D%22-1%22%3E%0A%3CDIV%20class%3D%22wiki-canvas-inside-section%22%3E%0A%3CDIV%20class%3D%22ts-wiki-section-view%22%3E%0A%3CDIV%20class%3D%22ts-wiki-viewer%22%3E%0A%3CDIV%20class%3D%22ts-wiki-viewer-content-and-marker%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3CH2%20id%3D%22toc-hId--776591698%22%20id%3D%22toc-hId--776591698%22%3EModule%207%3A%20KQL%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3
EMost%20Azure%20Sentinel%20capabilities%20use%26nbsp%3B%3C%2FSPAN%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fkusto%2Fquery%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EKQL%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%26nbsp%3Bor%20Kusto%20Query%20Language.%20When%20you%20search%20in%20your%20logs%2C%20write%20rules%2C%20creating%20hunting%20queries%20or%20create%20workbooks%2C%20you%20use%20KQL.%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EWe%20suggest%20you%20follow%20this%20Sentinel%20KQL%20journey%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22lia-align-left%22%3E%3CEM%3E%3CSTRONG%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Fkusto-query-language-kql-from-scratch%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPluralsight%20KQL%20course%3C%2FA%3E%26nbsp%3B-%20the%20basics%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-align-left%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22down-254093_1280.png%22%20style%3D%22width%3A%2046px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202625iF38FDF0D32EB84BE%2Fimage-dimensions%2F46x46%3Fv%3D1.0%22%20width%3D%2246%22%20height%3D%2246%22%20role%3D%22button%22%20title%3D%22down-254093_1280.png%22%20alt%3D%22down-254093_1280.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-align-left%22%3E%3CEM%3E%3CSTRONG%3E%3CA%20href%3D%22https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Fmicrosoft-azure-data-explorer-advanced-query-capabilities%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20nore
ferrer%20noopener%20noreferrer%22%3EPluralight%20Advanced%20KQL%20course%3C%2FA%3E%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-align-left%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22down-254093_1280.png%22%20style%3D%22width%3A%2046px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202625iF38FDF0D32EB84BE%2Fimage-dimensions%2F46x46%3Fv%3D1.0%22%20width%3D%2246%22%20height%3D%2246%22%20role%3D%22button%22%20title%3D%22down-254093_1280.png%22%20alt%3D%22down-254093_1280.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-align-left%22%3E%3CEM%3E%3CSTRONG%3EThe%20Azure%20Sentinel%20KQL%20Lab%3A%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%20class%3D%22lia-align-left%22%3E%3CEM%3E%3CSTRONG%3Ean%20interactive%20lab%20teaching%20KQL%20focusing%20on%20what%20you%20need%20for%20Azure%20Sentinel%3A%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FAzS_KQL2_28JUL20_MP4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EDeck%3C%2FA%3E%2C%20%3CA%20style%3D%22background-color%3A%20%23ffffff%3B%22%20href%3D%22https%3A%2F%2Faka.ms%2Flademo%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ELab%20URL%3B%3C%2FA%3E%20%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FLI%3E%0A%3CLI%20class%3D%22lia-align-left%22%3E%3CEM%3E%3CSTRONG%3EA%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fjjsantanna%2Fazure_sentinel_learn_kql_lab%2Fblob%2Fmaster%2Fazure_sentinel_learn_kql_lab.ipynb%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EJupyter%20Notebooks%20version%3C%2FA%3E%20contrinuted%20by%20jjsantanna%2C%20which%20let%20you%20test%20the%20queries%20within%20the%20notebook.%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FLI%3E%0A%3CLI%20class%3D%22lia-align-left%22%3E%3CEM%3E%3CSTRONG%3ELearning%20webinar%3A%26nbsp%3B%3C%2FSTRONG%3E%3C%2FEM%3E%3CEM%3E
%3CSTRONG%3E%3CA%20style%3D%22background-color%3A%20%23ffffff%3B%22%20href%3D%22https%3A%2F%2Fyoutu.be%2FEDCBLULjtCM%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYoutube%3C%2FA%3E%2C%20%3CA%20style%3D%22background-color%3A%20%23ffffff%3B%22%20href%3D%22https%3A%2F%2F1drv.ms%2Fv%2Fs!AnEPjr8tHcNmglwAjUjmYy2Qn5J-%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3B%3C%2FA%3E%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FLI%3E%0A%3CLI%20class%3D%22lia-align-left%22%3E%3CEM%3E%3CSTRONG%3EReviewing%20lab%20solutions%20webinar%3A%20%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FYKD_OFLMpf8%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FAzS_KQL2_28JUL20_MP4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CEM%3E%3CSTRONG%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22down-254093_1280.png%22%20style%3D%22width%3A%2046px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202625iF38FDF0D32EB84BE%2Fimage-dimensions%2F46x46%3Fv%3D1.0%22%20width%3D%2246%22%20height%3D%2246%22%20role%3D%22button%22%20title%3D%22down-254093_1280.png%22%20alt%3D%22down-254093_1280.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3EOptimizing%20Azure%20Sentinel%20KQL%20queries%20performance%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FjN1Cz0JcLYU%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FAzS_09SEP20_MP4%22%2
0target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fb%2Fs!AnEPjr8tHcNmg2imjIS8NABc26b-%3Fe%3DrXZrR5%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EDeck%3C%2FA%3E%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-align-left%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22down-254093_1280.png%22%20style%3D%22width%3A%2046px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202625iF38FDF0D32EB84BE%2Fimage-dimensions%2F46x46%3Fv%3D1.0%22%20width%3D%2246%22%20height%3D%2246%22%20role%3D%22button%22%20title%3D%22down-254093_1280.png%22%20alt%3D%22down-254093_1280.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-align-left%22%3E%3CEM%3E%3CSTRONG%3EContinue%20with%20module%208%20below%2C%20on%20how%20to%20write%20rules%2C%20and%20module%2011%2C%20which%20brings%20many%20useful%20examples.%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-align-left%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CTABLE%20border%3D%221%22%20width%3D%22100%25%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3ELearn%20more%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2Fwww.mbsecure.nl%2Fblog%2F2019%2F12%2Fkql-cheat-sheet%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EKQL%20Cheat%20Sheet%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0
A%3CLI%3EIn%20addition%20to%20KQL%20itself%2C%20applying%20it%20to%20Azure%20Sentinel%20requires%20understanding%20the%20schema%20used%20by%20Azure%20Sentinel%20for%26nbsp%3B%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20style%3D%22font-family%3A%20inherit%3B%20background-color%3A%20%23ffffff%3B%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Fwiki%2FDataSource-Schema-Reference%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3Ekey%20Microsoft%20and%203rd%20party%20sources%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%26nbsp%3Band%20for%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Freference%2F%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Emost%20other%20Azure%20sources%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Flog-query%2Fquery-optimization%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EQuery%20optimization%3C%2FA%3E%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3EFunctions%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fusing-kql-functions-to-speed-up-analysis-in-azure-sentinel%2Fba-p%2F712381%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EUsing%20KQL%20functions%20to%20speed%20up%20analysis%20in%20Azure%20Sentinel%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fenriching-windows-security-events-with-parameterized-function%2Fba-p%2F1712564%22%20target%3D%22_self%22%3EEnriching%20Windows%20Security%20Events%20with%20Parameterized%20Function%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D
%22toc-hId-1710921135%22%20id%3D%22toc-hId-1710921135%22%3EModule%208%3A%20Write%20rules%3C%2FH2%3E%0A%3CTABLE%20border%3D%221%22%20width%3D%22100%25%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3EStart%20here%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CUL%3E%0A%3CLI%3EWebinar%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fv%2Fs%2521AnEPjr8tHcNmghlWrlBCPKwT5WTT%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FpJjljBT4ipQ%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fb%2Fs!AnEPjr8tHcNmgmffNHf0wqmNEqdx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPresentation%3C%2FA%3E%26nbsp%3B(updated)%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3ELearn%20more%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-correlation-rules-active-lists-out-make-list-in%2Fba-p%2F1029225%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EAzure%20Sentinel%20correlation%20rules%3A%20using%20lists%20and%20the%20%22in%22%20operator%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-correlation-rules-the-join-kql-operator%2Fba-p%2F1041500%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EAzure%20Sentinel%20correlation%20rules%3A%20the%20%22join%22%20operator%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20style%3D%22f
ont-family%3A%20inherit%3B%20background-color%3A%20%23ffffff%3B%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fimplementing-lookups-in-azure-sentinel-part-1-reference-files%2Fba-p%2F1091306%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EImplementing%20Lookups%20in%20Azure%20Sentinel%3C%2FA%3E%26nbsp%3Bas%20well%20as%26nbsp%3B%3CA%20id%3D%22link_7%22%20class%3D%22page-link%20lia-link-navigation%20lia-custom-event%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fapproximate-partial-and-combined-lookups-in-azure-sentinel%2Fba-p%2F1393795%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EApproximate%2C%20partial%20%26amp%3B%20combined%20lookups%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhandling-sliding-windows-in-azure-sentinel-rules%2Fba-p%2F1505394%22%20target%3D%22_self%22%3EHandling%20sliding%20windows%20in%20Azure%20Sentinel%20rules%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fusing-kql-functions-to-speed-up-analysis-in-azure-sentinel%2Fba-p%2F712381%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EUsing%20KQL%20functions%20to%20speed%20up%20analysis%20in%20Azure%20Sentinel%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fenriching-windows-security-events-with-parameterized-function%2Fba-p%2F1712564%22%20target%3D%22_self%22%3EEnriching%20Windows%20Security%20Events%20with%20Parameterized%20Function%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-sigma-and-soc-prime-integration-part-1%2Fba-p%2F1232903%22%20target%3D%22_self%22%3EConvert%20Sigma%20rules%20to%20Azure%20Sentinel%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EWriting%20rules%20requires%20understanding%20the%20schema%20used%20by%20Azure%20Sentinel%20for%26nbsp%3
B%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20style%3D%22font-family%3A%20inherit%3B%20background-color%3A%20%23ffffff%3B%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Fwiki%2FDataSource-Schema-Reference%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3Ekey%20Microsoft%20and%203rd%20party%20sources%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%26nbsp%3Band%20for%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Freference%2F%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Emost%20other%20Azure%20sources%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--96533328%22%20id%3D%22toc-hId--96533328%22%3EModule%209%3A%20Creating%20playbooks%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20border%3D%221%22%20width%3D%22100%25%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3EStart%20Here%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CUL%3E%0A%3CLI%3EWebinar%3A%26nbsp%3B%3CA%20style%3D%22background-color%3A%20%23ffffff%3B%20color%3A%20%23063e6c%3B%20outline%3A%200px%3B%22%20href%3D%22https%3A%2F%2Fyoutu.be%2FG6TIzJK8XBA%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E%2C%26nbsp%3B%3CA%20style%3D%22background-color%3A%20%23ffffff%3B%22%20href%3D%22https%3A%2F%2Faka.ms%2FAzS_LA_30SEP20_MP4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EPresentation%3A%20%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fb%2F
s!AnEPjr8tHcNmhAKStlujGha80s6c%3Fe%3Dn7Zvrw%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EDeck%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3ELearn%20More%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CUL%3E%0A%3CLI%3ERead%20about%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Flogic-apps%2Flogic-apps-overview%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ELogic%20Apps%3C%2FA%3E%2C%20which%20is%20the%20core%20technology%20driving%20Azure%20Sentinel%20playbooks.%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Ftutorial-respond-threats-playbook%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ECreate%20Playbooks%20in%20Azure%20Sentinel%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconnectors%2Fazuresentinel%2F%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EThe%20Azure%20Sentinel%20Logic%20App%20connector%3C%2FA%3E%20is%20the%20link%20between%20Logic%20Apps%20and%20Azure%20Sentinel.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1903987791%22%20id%3D%22toc-hId--1903987791%22%3EModule%2010%3A%20Workbooks%2C%20reporting%20and%20visualization%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20border%3D%221%22%20width%3D%22100%25%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20height%3D%2229px%22%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3EStart%20Here%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20height%3D%2229px%22%20style%3D%22width%3A%2090%25%3B%22%3EWatch%20the%20Web
inar%3A%26nbsp%3B%3CFONT%20face%3D%22%26quot%3BSegoeUI%26quot%3B%2C%26quot%3BLato%26quot%3B%2C%26quot%3BHelvetica%20Neue%26quot%3B%2CHelvetica%2CArial%2Csans-serif%22%3E%3CA%20title%3D%22YouTube%22%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D7eYNaYSsk1A%26amp%3Blist%3DPLmAptfqzxVEUD7-w180kVApknWHJCXf0j%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E%2C%26nbsp%3B%3CA%20title%3D%22MP4%22%20href%3D%22https%3A%2F%2F1drv.ms%2Fv%2Fs!AnEPjr8tHcNmgnW6GuShRIQatg8k%3Fe%3DiPA7hh%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20title%3D%22Deck%22%20href%3D%22https%3A%2F%2F1drv.ms%2Fp%2Fs!AnEPjr8tHcNmgnY-Yb8LQk3h70C0%3Fe%3DAkC4oT%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EDeck%3C%2FA%3E%3C%2FFONT%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3ECool%20workbooks%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CP%3EWe%20have%20some%20really%20cool%20workbooks%20that%20you%20can%20use%20as-is%2C%20and%20also%20learn%20from%20when%20building%20your%20own%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhow-to-use-azure-monitor-workbooks-to-map-sentinel-data%2Fba-p%2F971818%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%20data-cke-saved-href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhow-to-use-azure-monitor-workbooks-to-map-sentinel-data%2Fba-p%2F971818%22%3EHow%20to%20use%20Azure%20Monitor%20Workbooks%20to%20map%20Sentinel%20data%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CU%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhow-to-use-azure-se
ntinel-to-follow-a-users-travel-and-map-their%2Fba-p%2F981716%22%20target%3D%22_self%22%3EHow%20to%20use%20Azure%20Sentinel%20to%20follow%20a%20User%27s%20travel%20and%20map%20their%20location%3C%2FA%3E%3C%2FU%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20height%3D%2229px%22%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3ELearn%20more%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20height%3D%2229px%22%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20id%3D%22link_6%22%20class%3D%22page-link%20lia-link-navigation%20lia-custom-event%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fusing-the-sentinel-api-to-view-data-in-a-workbook%2Fba-p%2F1386436%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EUsing%20the%20Sentinel%20API%20to%20view%20data%20in%20a%20Workbook%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DRx7rJhjzTZA%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EGet%20Sentinel%20data%20into%20Excel%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EFor%20advanced%20reporting%20features%20we%20use%20Power%20BI%2C%20which%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fplatform%2Fpowerbi%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Enatively%20integrates%20with%20Log%20Analytics%20and%20Sentinel%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-583525042%22%20id%3D%22toc-hId-583525042%22%3EModule%2011%3A%20Use%20cases%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EUsing%20connectors%2C%20rules%2C%20playbooks%2C%20and%20workbooks%20enables%20you%20to%20implement%20use%20cases%3A%20the
%20SIEM%20term%20for%20a%20content%20pack%20intended%20to%20detect%20and%20respond%20to%20a%20threat.%20This%20module%20focuses%20on%20helping%20you%20build%20use%20cases%20from%20the%20building%20blocks%20discussed%20so%20far.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20border%3D%221%22%20width%3D%22100%25%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3EStart%20Here%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CP%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EThe%20Webinar%20%22Tackling%20Identity%22%20focuses%20on%20identity%20threat%20use%20cases%3A%26nbsp%3B%3C%2FSPAN%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2Fyoutu.be%2FBcxiY32famg%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EYouTube%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20style%3D%22background-color%3A%20transparent%3B%22%20data-preserver-spaces%3D%22true%22%3E%2C%26nbsp%3B%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2F1drv.ms%2Fv%2Fs!AnEPjr8tHcNmghxbFa4WcLrfBJwe%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22background-color%3A%20transparent%3B%22%20data-preserver-spaces%3D%22true%22%3E%2C%26nbsp%3B%3C%2FSPAN%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2F1drv.ms%2Fb%2Fs!AnEPjr8tHcNmghskgL3XiweyXwF_%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPresentation%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3ELearn%20More%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2090%25%
3B%22%3E%0A%3CP%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EOther%20use%20cases%20you%20can%20use%20as-is%2C%20or%20as%20examples%20for%20developing%20your%20own%2C%20are%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-performing-additional-security-monitoring-of-high%2Fba-p%2F430740%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EPerforming%20Additional%20Security%20Monitoring%20of%20High-Value%20Accounts%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3ESee%20the%26nbsp%3B%3C%2FSPAN%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EGitHub%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%26nbsp%3Brepository%20for%20a%20comprehensive%20collection%20of%20use%20cases.%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-insecure-protocols-workbook-implementation-guide%2Fba-p%2F1197564%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EAzure%20Sentinel%20Insecure%20Protocols%20workbook%20Implementation%20Guide%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%2C%26nbsp%3B%3CSTRONG%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-insecure-protocols-workbook-reimagined%2Fba-p%2F1558375%22%20target%3D%22_self%22%3Erecent%20enhancements%20to%20the%20workbook%3C%2FA%3E%26nbsp%3B%3C%2FSTRONG%3Eand%20%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DxzHDW
bBX6h8%26amp%3Blist%3DPLmAptfqzxVEWkrUwV-B1Ob3qW-QPW_Ydu%26amp%3Bindex%3D8%26amp%3Bt%3D0s%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eoverview%20video%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22http%3A%2F%2Fblog.sec-labs.com%2F2019%2F03%2Faudit-scheduled-tasks-using-azure-sentinel%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EAudit%20Scheduled%20tasks%20using%20Azure%20Sentinel%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2Fgithub.com%2FBlueTeamToolkit%2Fsentinel-attack%2Ftree%2Fmaster%2Fdetections%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3ESentinel%20ATT%26amp%3BCK%20detection%20rules%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%26nbsp%3Band%26nbsp%3B%3C%2FSPAN%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2Fgithub.com%2FBlueTeamToolkit%2Fsentinel-attack%2Ftree%2Fmaster%2Fdocs%2FDEFCON_attacking_the_sentinel.pdf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3Epresentation%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E.%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-sigma-amp-soc-prime-integration-part-2-directly%2Fba-p%2F1276337%22%20target%3D%22_self%22%3EDeploy%20SOCprime%20SIEM%20use%20cases%20directly%20to%20Azure%20Sentinel%3C%2FA%3E%20(and%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-
sentinel-sigma-amp-soc-prime-integration-part-3-deploy-to%2Fba-p%2F1333674%22%20target%3D%22_self%22%3Eto%20multiple%20workspaces%3C%2FA%3E)%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20class%3D%22_e75a791d-denali-editor-page-rtfLink%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Sentinel%2FTime-Series-visualization-of-Palo-Alto-logs-to-detect-data%2Fba-p%2F666344%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3ETime%20Series%20visualization%20of%20Palo%20Alto%20logs%20to%20detect%20data%20exfiltration%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E*%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhow-to-use-azure-monitor-workbooks-to-map-sentinel-data%2Fba-p%2F971818%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%20data-cke-saved-href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fhow-to-use-azure-monitor-workbooks-to-map-sentinel-data%2Fba-p%2F971818%22%3EUse%20Azure%20Monitor%20Workbooks%20to%20map%20Sentinel%20data%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2010%25%3B%22%3E%0A%3CH3%20id%3D%22toc-hId--1094846702%22%20id%3D%22toc-hId--1094846702%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EUse%20cases%20focus%3A%20working%20from%20home%3C%2FSPAN%3E%3C%2FH3%3E%0A%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3ETeams%3A%3C%2FSPAN%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fprotecting-your-teams-with-azure-sentinel%2Fba-p%2F1265761%22%20target%3D%22_self%22%3EHunting%20use%20cases%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fgraph-visualization-of-exter
nal-teams-collaborations-in-azure%2Fba-p%2F1356847%22%20target%3D%22_self%22%20rel%3D%22noreferrer%22%3EGraph%20Visualization%20of%20External%20MS%20Teams%20Collaborations%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Funderstanding-microsoft-teams-data-schema-in-azure-sentinel%2Fba-p%2F1722876%22%20target%3D%22_self%22%3EUnderstand%20the%20schema%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fmonitoring-zoom-with-azure-sentinel%2Fba-p%2F1341516%22%20target%3D%22_self%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EZoom%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fmonitoring-windows-virtual-desktop-environments-fall-2019%2Fba-p%2F1356632%22%20target%3D%22_self%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EWindows%20Virtual%20Desktop%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fsecure-working-from-home-deep-insights-at-enrolled-mem-assets%2Fba-p%2F1424255%22%20target%3D%22_self%22%3EMicrosoft%20Endpoint%20Manager%20%2F%20Intune%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fintegrating-open-source-threat-feeds-with-misp-and-sentinel%2Fba-p%2F1350371%22%20target%3D%22_self%22%3E%3CSPAN%20data-preserver-spaces%3D%22true%22%3EIntegrate%20the%20Microsoft%20COVID-19%20threat%20feed%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1263583412%22%20id%3D%22toc-hId-1263583412%22%3EModule%2012%3A%20Handling%20incidents%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAfter%20building%20your%20SOC%2C%20you%20ne
ed%20to%20start%20using%20it.%20Watch%20the%20%22day%20in%20a%20SOC%20analyst%27s%20life%22%20webinar%20to%20learn%20how%20to%20use%20Azure%20Sentinel%20in%20the%20SOC%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FHloK6Ay4h1M%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fv%2Fs%2521AnEPjr8tHcNmghEg_9Z2NjQ_DDpo%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%3CSPAN%20style%3D%22background-color%3A%20transparent%3B%22%3E%2C%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fb%2Fs%2521AnEPjr8tHcNmghALzkfTkg-dTmfH%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPresentation%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--543871051%22%20id%3D%22toc-hId--543871051%22%3EModule%2013%3A%20Hunting%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhatever%20your%20methodology%20and%20use%20case%20for%20hunting%2C%20Azure%20Sentinel%20is%20a%20great%20hunting%20platform.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20border%3D%221%22%20width%3D%22100%25%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3EStart%20Here%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CP%3EWatch%20the%20Webinar%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2F6ueR09PLoLU%3Ft%3D1451%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FAzS_T_H_12AUG20_MP4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22http
s%3A%2F%2F1drv.ms%2Fb%2Fs!AnEPjr8tHcNmg1WdPYaITzG7W1Sp%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EDeck%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%3CEM%3E(Note%20that%20the%20webinar%20starts%20with%20an%20update%20on%20new%20features%3B%20to%20learn%20about%20hunting%2C%20start%20at%20slide%2012.%20The%20YouTube%20link%20is%20already%20set%20to%20start%20there.)%3C%2FEM%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3ELearn%20More%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CUL%3E%0A%3CLI%3EThreat%20hunting%20webinar%20(%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fv%2Fs!AnEPjr8tHcNmgVrt_iN5W4gt0WlG%3Fe%3DfGhiyZ%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FTiz-ftnlTg4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E)%20and%20presentations%20(%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fb%2Fs!AnEPjr8tHcNmgVlNSw5ouPxYkVS0%3Fe%3Dj5l1hI%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EDeck%201%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fb%2Fs!AnEPjr8tHcNmgWLisWDg0ha36wMd%3Fe%3DYJWjQ7%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EDeck%202%3C%2FA%3E)%3C%2FLI%3E%0A%3CLI%3EThreat%20hunting%20revisited%20(%3CFONT%20face%3D%22%26quot%3BSegoeUI%26quot%3B%2C%26quot%3BLato%26quot%3B%2C%26quot%3BHelvetica%20Neue%26quot%3B%2CHelvetica%2CArial%2Csans-serif%22%20style%3D%22background-colo
r%3A%20%23ffffff%3B%20outline%3A%200px%3B%22%3E%3CA%20style%3D%22background-color%3A%20%23ffffff%3B%20outline%3A%200px%3B%22%20title%3D%22MP4%22%20href%3D%22https%3A%2F%2F1drv.ms%2Fv%2Fs!AnEPjr8tHcNmghQwthryNWI5Yfuh%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FBTEV_b6-vtg%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E%2C%26nbsp%3B%3CA%20title%3D%22Deck%22%20href%3D%22https%3A%2F%2F1drv.ms%2Fb%2Fs!AnEPjr8tHcNmghNdbqppq1myNzG_%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPresentation%3C%2FA%3E)%3C%2FFONT%3E%3C%2FLI%3E%0A%3CLI%3E%3CFONT%20face%3D%22%26quot%3BSegoeUI%26quot%3B%2C%26quot%3BLato%26quot%3B%2C%26quot%3BHelvetica%20Neue%26quot%3B%2CHelvetica%2CArial%2Csans-serif%22%20style%3D%22background-color%3A%20%23ffffff%3B%20outline%3A%200px%3B%22%3E%3CSPAN%3EThreat%20Hunting%20-%20AWS%20using%20Sentinel%20(%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fv%2Fs!AnEPjr8tHcNmglA7u6-1zE5isojJ%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FbSH-JOKl2Kk%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fb%2Fs!AnEPjr8tHcNmgk4O1CkCI9sLtRYi%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPresentation%3C%2FA%3E).%3C%2FSPAN%3E%3C%2FFONT%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3EUse%20Notebooks%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20style%3D%22width%3A%2090%25%
3B%22%3E%0A%3CUL%3E%0A%3CLI%3EVideo%3A%20%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DTgRRJeoyAYw%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EIntroduction%20to%20notebooks%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fwhy-use-jupyter-for-security-investigations%2Fba-p%2F475729%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EWhy%20Use%20Jupyter%20for%20Security%20Investigations%3F%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fwhy-use-jupyter-for-security-investigations%2Fba-p%2F475729%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3E%E2%80%8B%E2%80%8B%E2%80%8B%E2%80%8B%E2%80%8B%E2%80%8B%E2%80%8B%3C%2FA%3ESecurity%20Investigation%20with%20Azure%20Sentinel%20%26amp%3B%20Jupyter%20Notebooks%26nbsp%3B(%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fsecurity-investigation-with-azure-sentinel-and-jupyter-notebooks%2Fba-p%2F432921%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Epart%201%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fsecurity-investigation-with-azure-sentinel-and-jupyter-notebooks%2Fba-p%2F483466%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Epart%202%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fsecurity-investigation-with-azure-sentinel-and-jupyter-notebooks%2Fba-p%2F561413%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Epart%203%3C%2FA%3E)%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fmsticpy-python-defender-tools%2Fba-p%2F648929%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Emsticpy%20-%20Python%20Defender%20Tools%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-senti
nel%2Fwhat-am-i-looking-at-using-notebooks-to-gain-situational%2Fba-p%2F891818%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EWhat%20am%20I%20looking%20at%3F%20-%20Using%20Notebooks%20to%20gain%20situational%20awareness%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fexplorer-notebook-series-the-linux-host-explorer%2Fba-p%2F1138273%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EExplorer%20Notebook%20Series%3A%20The%20Linux%20Host%20Explorer%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20style%3D%22font-family%3A%20inherit%3B%20background-color%3A%20%23ffffff%3B%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fusing-threat-intelligence-in-your-jupyter-notebooks%2Fba-p%2F860239%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EUsing%20Threat%20Intelligence%20in%20your%20Jupyter%20Notebooks%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1943641782%22%20id%3D%22toc-hId-1943641782%22%3EModule%2014%3A%20Extending%20and%20integrating%20Azure%20Sentinel%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20border%3D%221%22%20width%3D%22100%25%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20height%3D%22123px%22%20style%3D%22width%3A%2010%25%3B%22%3E%3CSTRONG%3EStart%20Here%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20height%3D%22123px%22%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CUL%3E%0A%3CLI%3EShort%20introductory%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DgQDBkc-K-Y4%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Evideo%3C%2FA%3E%26nbsp%3Band%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fazure-sentinel-api-101%2Fba-p%2F1438928%22%20target%3D%22_self%22%3Eblog%20post%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EDeep%20dive%20webinar%3A%26nb
sp%3B%3CFONT%20face%3D%22%26quot%3BSegoeUI%26quot%3B%2C%26quot%3BLato%26quot%3B%2C%26quot%3BHelvetica%20Neue%26quot%3B%2CHelvetica%2CArial%2Csans-serif%22%3E%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fv%2Fs!AnEPjr8tHcNmgjMmZquqAHtclQ5m%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FCu4dc88GH1k%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E%3C%2FFONT%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2F1drv.ms%2Fb%2Fs!AnEPjr8tHcNmgjRd01jxCSmbydt0%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPresentation%3C%2FA%3E%26nbsp%3B(updated)%3C%2FLI%3E%0A%3CLI%3EMore%20ways%20to%20use%20the%20API%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fextending-azure-sentinel-apis-integration-and-management%2Fba-p%2F1116885%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EExtending%20Azure%20Sentinel%3A%20APIs%2C%20Integration%20and%20management%20automation%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%20height%3D%22102px%22%20style%3D%22width%3A%2010%25%3B%22%3E%0A%3CH3%20id%3D%22toc-hId-265270038%22%20id%3D%22toc-hId-265270038%22%3EAPI%20usage%20examples%3C%2FH3%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%20height%3D%22102px%22%20style%3D%22width%3A%2090%25%3B%22%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20id%3D%22link_6%22%20class%3D%22page-link%20lia-link-navigation%20lia-custom-event%22%20style%3D%22font-family%3A%20inherit%3B%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fusing-the-sentinel-api-to-view-data-in-a-workbook%2Fba-p%2F1386436%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EUsing%20the%20Sentinel%20API%20to%20view%20data%20in%20a%20W
orkbook%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--973105203%22%20id%3D%22toc-hId--973105203%22%3EModule%2015%3A%20Roadmap%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESince%20roadmap%20information%20is%20provided%20under%20NDA%2C%20please%20reach%20out%20to%20your%20Microsoft%20account%20team%20to%20discuss%20an%20Azure%20Sentinel%20roadmap%20presentation.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1514407630%22%20id%3D%22toc-hId-1514407630%22%3EModule%2016%3A%20Where%20do%20I%20go%20from%20here%3F%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EJoin%20our%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FSecurityPrP%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%20data-interception%3D%22on%22%20data-cke-saved-href%3D%22%2Fteams%2FAzureSentinelProductInfo%2FSitePages%2FAzure-Sentinel-General-FAQ.aspx%23my-customer-or-i-want-to-join-a-private-preview%22%3EPrivate%20Previews%3C%2FA%3E%26nbsp%3Bprogram%3C%2FLI%3E%0A%3CLI%3EKeep%20track%20of%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FSentinelAnnouncements%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ewhat's%20new%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EAsk%2C%20or%20answer%20other%20on%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Sentinel%2Fbd-p%2FAzureSentinel%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%20data-cke-saved-href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Sentinel%2Fbd-p%2FAzureSentinel%22%3EAzure%20Sentinel%20Tech%20Community%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EPremier%20customer%3F%20You%20might%20want%20the%20on-site%20(or%20remote%20these%20days)%20%3CA%20href%3D%22https%3A%2F%2Fdatasheets.azureedge.net%2Fdatasheetsv2%2Fnnjfdhzt2q5v-2-11325%2Fen-US.pdf%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noo
pener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20Sentinel%20Fundamentals%205%20days%20workshop%3C%2FA%3E.%3C%2FLI%3E%0A%3CLI%3ESubmit%20feature%20requests%20using%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ffeedback.azure.com%2Fforums%2F920458-azure-sentinel%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20data-cke-saved-href%3D%22https%3A%2F%2Ffeedback.azure.com%2Fforums%2F920458-azure-sentinel%22%3EUser%20voice%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EContribute%20or%20enhance%20rules%2C%20queries%2C%20workbooks%2C%20connectors%20and%20more%20to%20the%20community%20on%20the%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Fwiki%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20Sentinel%20GitHub%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EAs%20a%20last%20resort%2C%20send%20an%20e-mail%20to%26nbsp%3B%3CA%20href%3D%22mailto%3AAzureSentinel%40microsoft.com%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAzureSentinel%40microsoft.com%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1246310%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20asked%20for%20it%2C%20and%20we%20deliver.%20Virtually%20to%20fit%20the%20era.%20Get%20deep%20into%20Azure%20Sentinel%20using%20the%20Level%20400%20learning%20program%20in%20this%20post.%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Microsoft

I have been delivering Azure Sentinel level 400 training for a while, and over time most of the training modules were recorded as webinars. In this blog post, I try to walk you through the Azure Sentinel level 400 training and help you become an Azure Sentinel master.

 

Already did the Ninja training, focus only on recent updates!

Curriculum 


 

This training program includes 16 modules. For each module, the post includes a presentation, preferably recorded (where it is not yet, we are working on the recording), as well as supporting information: relevant product documentation, blog posts, and other resources.

The modules listed below are split into five groups following the life cycle of a SOC:

 

Overview

- Module 1: Technical overview

- Module 2: Azure Sentinel role

 

Designing  Your Deployment

- Module 3: Cloud architecture and multi-workspace/tenant support

- Module 4: Collecting events

- Module 5: Log Management

- Module 6: Integrating threat intelligence

 

Creating Content

- Module 7: Kusto Query Language (KQL) - the starting point

- Module 8: Writing rules to implement detection

- Module 9: Creating playbooks to implement SOAR

- Module 10: Creating workbooks to implement dashboards and apps

- Module 11: Implementing use cases

 

Security Operations

- Module 12: A day in a SOC analyst's life, incident management, and investigation

- Module 13: Hunting

 

Advanced Topics

- Module 14: Automating and integrating 

- Module 15: Roadmap - since it requires an NDA, contact your Microsoft contact for details.

- Module 16: Where to go next?

 

What will you not find here?

Basic procedures, including onboarding Azure Sentinel and connecting data sources, are best described in the documentation.

 

Module 1: Technical overview

 

Start Here

If you want an initial overview of Azure Sentinel's technical capabilities, start with this presentation. It also serves as the Azure Sentinel Level 200 presentation:

Want only a bird's-eye view?

If you just want to understand what Azure Sentinel is, my favorite starting point is Sarah Young's laid-back video interview on Azure Sentinel. Adwait Joshi and Ram Shankar's series is also good to watch:

 

Module 2: How is Azure Sentinel used?

 

Start Here

Still at level 200: what are the typical uses for Azure Sentinel? What are customers finding in it, and also, how is it priced? All in this presentation.

As part of the Microsoft Security stack

The side-by-side use case

The MSSP use case

Most information about MSSP support is included in the next module, cloud architecture and multi-tenant support. MSSPs will also find this useful:

Learn from users

Thousands of organizations and service providers are using Azure Sentinel. As usual with security products, most do not go public about that. Still, there are some.

Price

 

Module 3: Cloud architecture and multi-workspace/tenant support

 

An Azure Sentinel instance is called a workspace. Multiple workspaces are often necessary and can act together as a single Azure Sentinel system. A special use case is providing service using Azure Sentinel, for example by an MSSP (Managed Security Service Provider) or by a Global SOC in a large organization. 

 

Start here
Learn more

 

Module 4: Collecting events

 

Start Here
  • Overview webinar (includes Module 3): YouTube, MP4, Deck
  • The log forwarder deep dive webinar (plus a bonus: learn how to use it to filter events): YouTube, MP4, Deck
Learn More

 

Module 5: Log Management

 

We are working on a presentation for this module; meanwhile, here are some important pointers to learn more from:

 

Storage Management

 

Logs Security

Visualization and analysis

 

Module 6: Threat Intelligence

 

Start Here
Learn More
 

Module 7: KQL

 

Most Azure Sentinel capabilities use KQL, the Kusto Query Language. When you search your logs, write rules, create hunting queries, or create workbooks, you use KQL. We suggest you follow this Sentinel KQL journey:

 

- Pluralsight KQL course - the basics

- Pluralsight Advanced KQL course

- The Azure Sentinel KQL Lab

- Optimizing Azure Sentinel KQL query performance: YouTube, MP4, Deck

Continue with module 8 below, on how to write rules, and module 11, which brings many useful examples.

 

Learn more

 

Module 8: Write rules

Start here
Learn more

 

Module 9: Creating playbooks

 

Start Here
Learn More

 

Module 10: Workbooks, reporting and visualization

 

Start Here

Watch the Webinar: YouTube, MP4, Deck

Cool workbooks

We have some really cool workbooks that you can use as-is, and that you can also learn from when building your own:

Learn more

 

Module 11: Use cases

 

Using connectors, rules, playbooks, and workbooks enables you to implement use cases: the SIEM term for a content pack intended to detect and respond to a threat. This module focuses on helping you build use cases from the building blocks discussed so far.

 

Start Here

The Webinar "Tackling Identity" focuses on identity threat use cases: YouTube, MP4, Presentation

Learn More

Other use cases you can use as examples for developing your own or use as-is are:

Use cases focus: working from home

 

Module 12: Handling incidents

 

After building your SOC, you need to start using it. Watch the "A day in a SOC analyst's life" webinar to learn how to use Azure Sentinel in the SOC: YouTube, MP4, Presentation

 

Module 13: Hunting

 

Whatever your methodology and use case for hunting, Azure Sentinel is a great hunting platform.

 

Start Here

Watch the Webinar: YouTube, MP4, Deck

(Note that the webinar starts with an update on new features; to learn about hunting, start at slide 12. The YouTube link is already set to start there.)

Learn More

- Threat Hunting - AWS using Sentinel (MP4: https://1drv.ms/v/s!AnEPjr8tHcNmglA7u6-1zE5isojJ, YouTube: https://youtu.be/bSH-JOKl2Kk, Presentation: https://1drv.ms/b/s!AnEPjr8tHcNmgk4O1CkCI9sLtRYi)

Use Notebooks

- Video: Introduction to notebooks (https://www.youtube.com/watch?v=TgRRJeoyAYw)

- Why Use Jupyter for Security Investigations? (https://techcommunity.microsoft.com/t5/azure-sentinel/why-use-jupyter-for-security-investigations/ba-p/475729)

- Security Investigation with Azure Sentinel & Jupyter Notebooks (part 1: https://techcommunity.microsoft.com/t5/azure-sentinel/security-investigation-with-azure-sentinel-and-jupyter-notebooks/ba-p/432921, part 2: https://techcommunity.microsoft.com/t5/azure-sentinel/security-investigation-with-azure-sentinel-and-jupyter-notebooks/ba-p/483466, part 3: https://techcommunity.microsoft.com/t5/azure-sentinel/security-investigation-with-azure-sentinel-and-jupyter-notebooks/ba-p/561413)

- msticpy - Python Defender Tools (https://techcommunity.microsoft.com/t5/azure-sentinel/msticpy-python-defender-tools/ba-p/648929)

- What am I looking at? - Using Notebooks to gain situational awareness (https://techcommunity.microsoft.com/t5/azure-sentinel/what-am-i-looking-at-using-notebooks-to-gain-situational/ba-p/891818)

- Explorer Notebook Series: The Linux Host Explorer (https://techcommunity.microsoft.com/t5/azure-sentinel/explorer-notebook-series-the-linux-host-explorer/ba-p/1138273)

- Using Threat Intelligence in your Jupyter Notebooks (https://techcommunity.microsoft.com/t5/azure-sentinel/using-threat-intelligence-in-your-jupyter-notebooks/ba-p/860239)

 

Module 14: Extending and integrating Azure Sentinel

 

Start Here

- Short introductory video (https://www.youtube.com/watch?v=gQDBkc-K-Y4) and blog post (https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-api-101/ba-p/1438928)

- Deep dive webinar: MP4 (https://1drv.ms/v/s!AnEPjr8tHcNmgjMmZquqAHtclQ5m), YouTube (https://youtu.be/Cu4dc88GH1k), Presentation (https://1drv.ms/b/s!AnEPjr8tHcNmgjRd01jxCSmbydt0) (updated)

- More ways to use the API: Extending Azure Sentinel: APIs, Integration and management automation (https://techcommunity.microsoft.com/t5/azure-sentinel/extending-azure-sentinel-apis-integration-and-management/ba-p/1116885)

API usage examples

- Using the Sentinel API to view data in a Workbook (https://techcommunity.microsoft.com/t5/azure-sentinel/using-the-sentinel-api-to-view-data-in-a-workbook/ba-p/1386436)

 

Module 15: Roadmap

 

Since roadmap information is provided under NDA, please reach out to your Microsoft account team to discuss an Azure Sentinel roadmap presentation.

 

Module 16: Where do I go from here?

 

- Join our Private Previews program (https://aka.ms/SecurityPrP)

- Keep track of what's new (https://aka.ms/SentinelAnnouncements)

- Ask, or answer others, on the Azure Sentinel Tech Community (https://techcommunity.microsoft.com/t5/Azure-Sentinel/bd-p/AzureSentinel)

- Premier customer? You might want the on-site (or remote these days) Azure Sentinel Fundamentals 5 days workshop (https://datasheets.azureedge.net/datasheetsv2/nnjfdhzt2q5v-2-11325/en-US.pdf).

- Submit feature requests using User voice (https://feedback.azure.com/forums/920458-azure-sentinel)

- Contribute or enhance rules, queries, workbooks, connectors and more to the community on the Azure Sentinel GitHub (https://github.com/Azure/Azure-Sentinel/wiki)

- As a last resort, send an e-mail to AzureSentinel@microsoft.com

 

28 Comments
Frequent Contributor

Hi @Ofer_Shezaf, Awesome collection Ofer - thanks very much for the time taken on this.

 

Just a few typos that might have crept in:
The first link in Module 2 is not a presentation but loops back to this page?

In Module 6 & 11 the Deck link is to the Presentation & the Presentation link is the MP4 recording

In Module 9 the Presentation link loops back to this page? But is this also part of the 3 files that are tucked away at the bottom of the page? ;)

 

Stay safe

 

Microsoft

Thanks @David Caddick! I hope I have fixed them all.

Thank you for Sharing this Awesome Azure Sentinel Training with the Community :cool:

Senior Member

Nice work @Ofer_Shezaf ! Do you have any certification or exam as part of this training?

Occasional Contributor

@Ofer_Shezaf - Brilliant work & good to see all in one pack .

Occasional Visitor

Hi guys, I am not able to get the presentations.

Occasional Visitor

Only managed to download presentation for module 4 and 6.

Super Contributor

Hi 

 

Awesome - is there some "Baseline/Best Practice/minimum" for Sentinel - in deploying->configuring/settings/datacollectors/rules template setup? 

hope question makes sense :D 

Microsoft

Hey @Ofer_Shezaf 

 

this is wonderful, perfect timing during the covid wait, thank you ;) 

 

~Moe 

Occasional Contributor

Thank you @Ofer_Shezaf !

 

We are glad for these sessions as we also have some extra time!

 

Microsoft

@Taen keren : Sentinel implementation is very use case specific - different users deploy it for different goals. A way to start would be to pick the sources you are most interested in monitoring and protecting. The connector page for those sources has analytics rules, workbooks and queries which would be the starting point listed on the "what's next" tab.

Microsoft

@joseph2165 

 

The training blog is extensive but informal. Currently certification is only as part of Az500 but it is at a much higher level.  I agree that it is a good idea and will check how to do something like that.

 

~ Ofer

Microsoft

@Tmothibi : I was able to and did not hear of the issue from other people. Does it work now? If not, can you share with me privately the error/issue details?

Occasional Visitor

Hello,

Are the video links from 3 & 4 supposed to be the same?  They both (on youtube and onedrive) point to the same videos.

 

Really enjoying this link so far so thanks for creating it.  

Microsoft

Hi @fad3r : Yes, they are the same. I presented both topics in a single Webinar. I will replace (3) this week as I am doing an updated Webinar dedicated to this topic.

Respected Contributor

@Ofer_Shezaf Az-500 is going to be updated next month and there is only one small item about Sentinel in the new listing of topics, see https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE3VC70. Could you please work with the exam team to get more Sentinel questions added?

Microsoft

Hi @Ofer_Shezaf , First of all thank you for the training contents and it is really wonderful.

 

Do we have plans to launch certification as well for Azure Sentinel Level 400 Ninja ? 

Microsoft

@Nitish_Anand : After posting the program I learned that many would have liked to have such a certificate. I am looking into this, but we have no short term plans around it as of yet.

Regular Visitor

@Ofer_Shezaf Can you provide me the end-to-end architecture diagram for SOAR? For instance, how will the communication happen between an on-prem data center Palo Alto/Checkpoint firewall and Sentinel to block a malicious IP address or port in the Palo Alto/Checkpoint firewall? What are all the components involved in SOAR? What are all the prerequisites?

Microsoft

@Vijaymkm : refer to https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-connection for details on how to connect Logic Apps, our SOAR engine, to on-prem resources.

Senior Member

Thank you for this @Ofer_Shezaf . This is great I was looking for a consolidated documentation that is a deep dive..!

 

~egal

Occasional Contributor

Thanks for the great info; sharing with my Linkedin Network

New Contributor

A great collection of resources, Thank you @Ofer_Shezaf 

Visitor
Hi Ofer,

Under Module 13: Hunting, "Threat Hunting - AWS using Sentinel, webinar on April 22nd, register here."
 
Should have already happened? But I can't find the YouTube video. If it never took place, maybe it would be handy to remove it from the list?

- Jurgen
Microsoft

@Jurgen790 : Thanks for the reminder. Updated.

Regular Visitor

@Ofer_Shezaf can you share the complete list of connectors for security products, i.e. Firewall (Checkpoint, Palo Alto, Cisco, etc.), IPS, Anti-malware, URL filtering, etc.? I am unable to find https://docs.microsoft.com/en-us/connectors/connector-reference/ . I am wondering how we can perform SOAR functions using Logic Apps without connectors.

Microsoft

super useful content really liked the design sessions

Occasional Contributor

Thanks for sharing !