Good morning all!

Currently working on building some security playbooks within Azure Sentinel. We currently do not have any compute resources at the moment, mostly focused on monitoring sign-in logs, custom data connectors, and Defender for 0365 logs/alerts.

Are there any use cases others have built playbooks around that focus on these three fields? Also, has anyone had luck feeding Trellix logs/alerts into Sentinel?

Any input would be insightful, thank you all in advance!