SC-200: Connect logs to Microsoft Sentinel

Security Operations Analyst
Azure Log Analytics
Microsoft Sentinel

Connect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds to Microsoft Sentinel. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.


  • Knowledge of using KQL in Microsoft Sentinel like you could learn from learning path SC-200: Create queries for Azure Sentinel using Kusto Query Language (KQL)
  • Knowledge of Microsoft Sentinel environment configuration like you could learn from learning path SC-200: Configure your Microsoft Sentinel environment

Modules in this learning path

The primary approach to connect log data is using the Microsoft Sentinel provided data connectors. This module provides an overview of the available data connectors.

Learn how to connect Microsoft 365 and Azure service logs to Microsoft Sentinel.

Learn about the configuration options and data provided by Microsoft Sentinel connectors for Microsoft Defender XDR.

One of the most common logs to collect is Windows security events. Learn how Microsoft Sentinel makes this easy with the Security Events connector.

Most vendor-provided connectors utilize the CEF connector. Learn about the Common Event Format (CEF) connector's configuration options.

Learn about the Azure Monitor Agent Linux Syslog Data Collection Rule configuration options, which enable you to parse Syslog data.

Learn how to connect Threat Intelligence Indicators to the Microsoft Sentinel workspace using the provided data connectors.