![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 75%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EO%3C/text%3E%3C/svg%3E)
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
982 questions
Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response. Sentinel Documentation
This means it has the capability to ingest, analyze, visualize and respond to events across multiple services, such as Azure AD, M365 Defender and more and provide a birds eye view across the enterprise. However it does not mean it is a specialist in every data type and for that drill down analysis, you potential would have to leverage another application, such as M365 defender for deep and specialist analysis.
If you are using Microsoft Sentinel, ensure you are ingesting your logs from all your data sources (some are free, check them out on our pricing page) and this should be your primary view that you use for all SOC alerts. If an incident is raised in Sentinel and deeper analysis is required by a security analyst, then you would drill down deeper into the application specific portal.
