Microsoft Sentinel - SOAR through the SIEM, begin with the basics
Published Dec 14 2023 09:00 AM 13.1K Views

Sentinel Basics

You want to get started with Microsoft Sentinel, but it looks overwhelming.

Here is a simple outline to follow to get started with Microsoft Sentinel:

 

  1. Sentinel setup and prerequisites: start here, Player One
  2. Sentinel permissions: what is your character/avatar and role
  3. Power up with AI + ML: enable User and Entity Behavior Analytics (UEBA)
  4. Where the data lives: what is your playing field (the Log Analytics workspace)
  5. Keep data: how long do you want to retain data
  6. How data arrives: what data do you want, and how will you connect to the data you want to ingest (Connectors/Custom da...
  7. Detect threats in data: automatically detect threats with analytics rules
  8. See/visualize data: visualize data with workbooks
  9. Alert on data: review and triage incidents
  10. Prevent/threat hunt in data: be proactive
  11. Automate responses: SOAR to the highest with automation
  12. Deploy solutions: for example M-21-31, Zero Trust, CMMC 2.0, NIST 800-53
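As an added example (not code from the original post or from Microsoft), the outline above expressed as a single Bicep deployment: it creates the Log Analytics workspace with a retention setting (steps 4 and 5), enables Sentinel on it (step 1), grants one analyst group the built-in Microsoft Sentinel Responder role rather than Contributor (step 2), switches on UEBA (step 3), adds a scheduled analytics rule (step 7) and an automation rule that labels new high-severity incidents (step 11). The workspace name, the group object ID, the KQL query and its thresholds, the UEBA data sources and the settings API version are assumptions chosen for illustration; the role definition GUID is the published ID for Microsoft Sentinel Responder and should be confirmed with `az role definition list --name "Microsoft Sentinel Responder"` before use.

```bicep
// Added example, not from the original post. Names, query thresholds and the
// preview API version for UEBA settings are assumptions; adjust for your tenant.
targetScope = 'resourceGroup'

param workspaceName string = 'law-sentinel-demo'   // assumed name
param location string = resourceGroup().location

@minValue(30)
@maxValue(730)
param retentionInDays int = 90                      // step 5: keep data

@description('Object ID of the analyst Entra ID group (assumed input)')
param analystGroupObjectId string

// Built-in "Microsoft Sentinel Responder": can triage incidents, cannot edit
// rules or connectors. Verify the GUID with az role definition list.
param sentinelRoleDefinitionId string = '3e150937-b8fe-4cfb-8069-0eaf05ecd056'

// Step 4: the playing field
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    sku: { name: 'PerGB2018' }
    retentionInDays: retentionInDays
  }
}

// Step 1: enable Sentinel on the workspace
resource onboarding 'Microsoft.SecurityInsights/onboardingStates@2023-02-01' = {
  scope: workspace
  name: 'default'
  properties: {}
}

// Step 2: least privilege for the analyst group, scoped to this workspace only
resource responderAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  scope: workspace
  name: guid(workspace.id, analystGroupObjectId, sentinelRoleDefinitionId)
  properties: {
    principalId: analystGroupObjectId
    principalType: 'Group'
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', sentinelRoleDefinitionId)
  }
}

// Step 3: UEBA needs an entity provider first, then the tables it learns from
resource entityAnalytics 'Microsoft.SecurityInsights/settings@2023-02-01-preview' = {
  scope: workspace
  name: 'EntityAnalytics'
  kind: 'EntityAnalytics'
  dependsOn: [ onboarding ]
  properties: { entityProviders: [ 'AzureActiveDirectory' ] }
}
resource ueba 'Microsoft.SecurityInsights/settings@2023-02-01-preview' = {
  scope: workspace
  name: 'Ueba'
  kind: 'Ueba'
  dependsOn: [ entityAnalytics ]
  properties: { dataSources: [ 'AuditLogs', 'AzureActivity', 'SecurityEvent', 'SigninLogs' ] }
}

// Step 7: scheduled analytics rule; the KQL and thresholds are constructed
resource signinBurstRule 'Microsoft.SecurityInsights/alertRules@2023-02-01' = {
  scope: workspace
  name: guid(workspace.id, 'signin-failure-burst')
  kind: 'Scheduled'
  dependsOn: [ onboarding ]
  properties: {
    displayName: 'Burst of failed sign-ins from one IP'
    enabled: true
    severity: 'Medium'
    query: '''
      SigninLogs
      | where ResultType != "0"
      | summarize Failures = count(), Accounts = dcount(UserPrincipalName) by IPAddress
      | where Failures > 50 and Accounts > 5
    '''
    queryFrequency: 'PT1H'   // how often it runs
    queryPeriod: 'PT1H'      // how far back it looks (must be >= frequency)
    triggerOperator: 'GreaterThan'
    triggerThreshold: 0      // any returned row raises an alert
    suppressionEnabled: false
    suppressionDuration: 'PT5H'
    tactics: [ 'CredentialAccess' ]
  }
}

// Step 11: SOAR without a playbook: label new High incidents for triage
resource tagHighSeverity 'Microsoft.SecurityInsights/automationRules@2023-02-01' = {
  scope: workspace
  name: guid(workspace.id, 'tag-high-severity')
  dependsOn: [ onboarding ]
  properties: {
    displayName: 'Label new High incidents for triage'
    order: 1
    triggeringLogic: {
      isEnabled: true
      triggersOn: 'Incidents'
      triggersWhen: 'Created'
      conditions: [ {
        conditionType: 'Property'
        conditionProperties: { propertyName: 'IncidentSeverity', operator: 'Equals', propertyValues: [ 'High' ] }
      } ]
    }
    actions: [ {
      order: 1
      actionType: 'ModifyProperties'
      actionConfiguration: { labels: [ { labelName: 'needs-triage' } ] }
    } ]
  }
}
```

Deploy with `az deployment group create --resource-group <rg> --template-file sentinel-basics.bicep --parameters analystGroupObjectId=<guid>`. Steps 6 (connectors), 8 (workbooks), 10 (hunting) and 12 (solutions) are deliberately left out: connectors and solutions are usually installed from the Content hub, and hunting queries and workbooks are better kept in source control as their own files once you have a workspace to point them at.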

For more in-depth information, please check out the Sentinel Deployment planning guide.

 

For a visual representation of data flow from data sources into Sentinel:

[Figure: data flow from data sources into Microsoft Sentinel]

 

Last update: Dec 12 2023 01:26 PM