SC-200: Connect logs to Microsoft Sentinel
Connect data at cloud scale to Microsoft Sentinel across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.
Prerequisites
- Knowledge of using KQL in Microsoft Sentinel, such as you could gain from the learning path SC-200: Create queries for Azure Sentinel using Kusto Query Language (KQL)
- Knowledge of Microsoft Sentinel environment configuration, such as you could gain from the learning path SC-200: Configure your Azure Sentinel environment
Modules in this learning path
The primary approach to connecting log data is to use the data connectors provided by Microsoft Sentinel. This module provides an overview of the available data connectors.
Learn about the configuration options and data provided by Microsoft Sentinel connectors for Microsoft 365 Defender.
One of the most common logs to collect is Windows security events. Learn how Microsoft Sentinel makes this easy with the Security Events connector.
Most vendor-provided connectors use the Common Event Format (CEF) connector. Learn about the CEF connector's configuration options.
Learn about the Syslog connector's configuration options, which will enable you to parse Syslog data.