Microsoft Sentinel documentation

Microsoft Sentinel provides attack detection, threat visibility, proactive hunting, and threat response to help you stop threats before they cause harm.

About Microsoft Sentinel

Overview

• What is Microsoft Sentinel?
• Best practices

What's new

• What's new in Microsoft Sentinel?

Get started

Quickstart

• Onboard Microsoft Sentinel

Deploy

• Deployment guide
• Prerequisites
• Plan costs
• Find solutions

How-To Guide

• Install solutions and content

Collect data

Concept

• Microsoft Sentinel data connectors
• Data collection best practices
• Normalizing and parsing data

Tutorial

• Forward Syslog data to Log Analytics workspace

How-To Guide

• Create a custom connector
• Monitor connector health

Reference

• Find data connectors

Detect threats

Concept

• Understand threat intelligence
• MITRE ATT&CK® framework
• User and entity behavior analytics (UEBA)
• Customizable anomalies

Tutorial

• Detect threats by using analytics rules

How-To Guide

• Detect threats by using built-in analytics
• Create custom detection rules

Investigate

Concept

• Incident investigation and case management
• Threat hunting
• Kusto Query Language in Microsoft Sentinel

Tutorial

• Investigate with UEBA

How-To Guide

• Investigate incidents
• Manage incident workflow with tasks
• Monitor your data
• Conduct end-to-end threat hunting

Respond

Concept

• Automation rules
• Playbooks

Tutorial

• Respond automatically to threats