Microsoft Sentinel solutions help you package and share custom security content. Use this page to learn about the two solution types and review the setup steps before you build or publish.
Choose your solution type
Microsoft Sentinel supports two solution types:
- SIEM solutions deliver detections, investigations, and automation. They can include analytics rules, hunting queries, summary rules, workbooks, playbooks, data connectors, and ASIM (Advanced Security Information Model) parsers.
- Platform solutions work with the Microsoft Sentinel data lake to analyze and act on security data and other platform capabilities.
SIEM solutions prerequisites
Before you create and publish a SIEM solution to Azure Commercial Marketplace:
- Join the Microsoft Cloud Partner Program.
- Create a Commercial Marketplace account in Partner Center.
Platform solutions prerequisites
Before you create and publish a platform solution, make sure you have:
- A Microsoft Sentinel data lake to analyze data and write to the data lake:
  - If you haven’t onboarded yet, see Onboard to Microsoft Sentinel data lake.
  - After onboarding, ingest enough data to support notebook analysis.
- Visual Studio Code with:
  - The Microsoft Sentinel extension:
    - In VS Code, open the Extensions Marketplace, search for Sentinel, select Microsoft Sentinel, and choose Install.
    - After installation, the Microsoft Sentinel shield icon appears in the left toolbar.
  - The GitHub Copilot extension:
    - In the Extensions Marketplace, search for GitHub Copilot and install it.
    - After installing, sign in to GitHub Copilot with your GitHub account.
- Access to the Microsoft Security Store to publish your platform solution.
  - Make sure you have a Partner Center account, are enrolled in the Microsoft AI Cloud Partner Program (MAICPP), and are registered in the Microsoft Security Store.