What is Microsoft Sentinel?
Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration Automated Response (SOAR) solution built on Microsoft Azure. It helps organisations detect, investigate, and respond to security threats across their digital environment.
What makes Sentinel a powerful solution?
- Native integration with Microsoft 365 and Defender XDR tools.
- Real-time visibility into your environment’s security posture.
- Supports hybrid and multi-cloud environments (including AWS and Google Cloud).
- Pay-as-you-go pricing: —no infrastructure setup or upfront cost.
Key Features
| Feature | What it does |
|---|---|
| Data Collection | Connects to Microsoft 365, Azure, AWS, on-premises servers, firewalls, and more. |
| AI-powered Threat Detection | Uses machine learning and Microsoft threat intelligence to identify real threats. |
| Investigation Tools | Visualise attack chains, timelines, and correlations across data sources with Auxiliary Logs and Analytics Logs. |
| Automated Threat Response | Trigger playbooks (via Logic Apps) to respond to incidents automatically. |
| Scalability | As a cloud-native tool, it scales automatically with your data and workloads. |
Learn more about Microsoft Sentinel in blog Modernising Security Operations with Microsoft Sentinel