When to use Microsoft Sentinel

Microsoft Sentinel is a solution for performing security operations on your cloud and on-premises environments.

Use Microsoft Sentinel if you want to:

  • Collect event data from various sources.
  • Perform security operations on that data to identify suspicious activity.

Security operations could include:

  • Visualization of log data
  • Anomaly detection
  • Threat hunting
  • Security incident investigation
  • Automated response to alerts and incidents

Microsoft Sentinel offers other capabilities that could help you decide whether it's the right fit for you:

  • Cloud-native SIEM: with no servers to provision, scaling is effortless
  • Integration with the Azure Logic Apps service and its hundreds of connectors
  • Benefits of Microsoft research and machine learning
  • Key log sources provided for free
  • Support for hybrid cloud and on-premises environments
  • SIEM and a data lake all in one

When you began investigating Microsoft Sentinel, your organization had some clear requirements:

  • Support for data from multiple cloud environments
  • Features and functionality required for a security operations center (SOC), without too much administrative overhead

You've found that Microsoft Sentinel could be a good fit. It offers data connectors for syslog, Amazon Web Services (AWS), and other sources, and the ability to scale effortlessly without provisioning servers. During your analysis, you also realized that your organization should make automation a key part of its SOC strategy. Automation wasn't something the organization had considered before, but now you'll look into using automation playbooks.

If you're collecting infrastructure or application logs for performance monitoring, consider also using Azure Monitor and Log Analytics for that purpose.

You might also want to understand the security posture of your environment, make sure that you're compliant with policy, and check for security misconfigurations. If so, consider also using Microsoft Defender for Cloud. Defender for Cloud alerts can be ingested into Microsoft Sentinel through a data connector.