Azure Sentinel Resource Terminus - board here!

Published Apr 01 2020 01:53 PM 14.3K Views
Microsoft

Introduction

This article is a collection of resources for Azure Sentinel designed to get you up and running with the service as quickly as possible. It is organized by broad topic area to allow you quickly navigate to your area of interest. Most topics are broken down into groups of related articles.

AzureCircle.png

 

Most of the resources in this article are listed in tables with a short title and a link to the resource. The final two columns in the table show the type of resource and an indication if the topic is relatively advanced or specialized.

 

ianhelle_0-1585767814536.png

Blog

ianhelle_1-1585767814537.png

Azure Document

ianhelle_2-1585767814538.png

GitHub Location

ianhelle_3-1585767814538.png

Video/Webinar

 

Advanced articles are indicated with a bold A.

 

Note: many of the video/webinar links have a companion deck. You view the full list here.

Contents

 

 

Overview

 

If you are new to Azure Sentinel or need a refresher on the core components you should read this overview document.

https://docs.microsoft.com/en-us/azure/sentinel/overview

 

If you find terms in this document that you are not familiar with, you should refer back to the Azure Sentinel Overview to clarify them.

 

This webinar is also useful, more technical, overview of Azure Sentinel Features

Azure Sentinel webinar: Understanding Azure Sentinel features and functionality deep dive - YouTube 

 

Azure Sentinel Community and Contributing

You can contribute detections, hunting queries, workbooks, Jupyter notebooks and playbooks to the Azure Sentinel user community. Find out more about this here:

https://github.com/Azure/Azure-Sentinel/wiki

 

The Wiki is part of the Azure Sentinel GitHub, which is the central repository for Microsoft and community contributions to Azure Sentinel: https://github.com/Azure/Azure-Sentinel

 

Creating Your Azure Sentinel Workspace

 

Most of you reading this will have already set up your Workspace. If not, here is a quick introduction:

https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard

 

Automating Azure Sentinel Setup

Even though this article is focused on setting up a lab environment, it contains a lot of information about automating workspace creation and configuration with Azure Resource Manager (ARM) templates.

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/azure-sentinel-to-go-sentinel-lab-w-prerecorde...

 

Other Azure Sentinel Design and Deployment Articles

These articles are all relatively advanced topics.

Cloud & on-prem architecture

https://youtu.be/_mm3GNwPBHU

ianhelle_4-1585767814538.png

A

Managing Multiple tenants with Azure Lighthouse

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/using-azure-lighthouse-and-azure-sentinel-to-m...

ianhelle_5-1585767814539.png

A

Architect your Sentinel Deployment

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/best-practices-for-designing-an-azure-sentinel...

ianhelle_6-1585767814539.png

A

Running Sentinel alongside Splunk

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/azure-sentinel-side-by-side-with-splunk/ba-p/1...

ianhelle_7-1585767814539.png

A

Table Level Role Based Access Control

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/table-level-rbac-in-azure-sentinel/ba-p/965043

ianhelle_7-1585767814539.png

A

Deploying and Managing Azure Sentinel as Code

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/deploying-and-managing-azure-sentinel-as-code/...

ianhelle_7-1585767814539.png

A

Combining Lighthouse with Sentinel DevOps

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/combining-azure-lighthouse-with-sentinel-s-dev...

ianhelle_7-1585767814539.png

A

 

Onboarding Data

 

Identifying Critical Data

The data that is critical to identifying malicious activity will vary from organization to organization. It will likely include many of the following categories:

 

Category

Examples

Host/Endpoint Logs

Log Analytics Agent, Syslog, Auditd, Windows Event Collection

Authentication Logs

Azure Active Directory, AWS CloudTrail

Cloud Infrastructure

Azure Activity, AWS CloudTrail, Azure Storage

Cloud Application Logs

Office 365

Network Infrastructure and Device Logs

Syslog, Azure Network Analytics, OMS Wiredata

 

Identifying what data is already Onboarded

How do you know what data you may have already available in Azure Log Analytics? You can use the Workspace Usage workbook for an overview of data usage in your workspace. Alternatively, use the Log Analytics query tool to browse around your data tables and their schema. The KQL search is useful to get a view of how much data you have of each type:

 

 

More details of about querying data in Azure Sentinel can be found in this article:

https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview.

 

Costs of Data in Azure Sentinel

 

Office 365, Azure AD and AWS data are free

https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/

ianhelle_1-1585767814537.png

 

Calculate data storage costs

https://azure.microsoft.com/en-us/pricing/calculator/?service=azure-sentinel

ianhelle_1-1585767814537.png

 

Custom retention periods for data

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/new-per-data-type-retention-is-now-available-f...

ianhelle_7-1585767814539.png

A

 

Onboarding new data

These articles cover the general operation and setup of data connectors and ingestion of data into Azure Sentinel.

 

Quick Start

https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard

ianhelle_1-1585767814537.png

 

Getting data into Azure Sentinel

https://www.youtube.com/watch?v=4HuxC-eCegs

ianhelle_4-1585767814538.png

 

Built-in Connectors

https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources

ianhelle_1-1585767814537.png

 

Custom Connectors

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/azure-sentinel-creating-custom-connectors/ba-p...

ianhelle_6-1585767814539.png

 

 

Common Data Sources

Azure Sentinel documentation has many articles covering ingesting data from hosts, Microsoft Security Services and Cloud Services and other common sources. The following table highlights some of these.

 

Windows Security Events

https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-security-events

ianhelle_1-1585767814537.png

 

AWS

https://docs.microsoft.com/en-us/azure/sentinel/connect-aws

ianhelle_1-1585767814537.png

 

Azure Active Directory

https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-active-directory

ianhelle_1-1585767814537.png

 

Office 365

https://docs.microsoft.com/en-us/azure/sentinel/connect-office-365

ianhelle_1-1585767814537.png

 

Microsoft Teams

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/protecting-your-teams-with-azure-sentinel/ba-p...

ianhelle_1-1585767814537.png

 

Azure Security Center alerts

https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-security-center

ianhelle_1-1585767814537.png

 

Microsoft Defender alerts

https://docs.microsoft.com/en-us/azure/sentinel/connect-microsoft-defender-advanced-threat-protectio...

ianhelle_1-1585767814537.png

 

Cloud App Security (MCAS)

https://docs.microsoft.com/en-us/azure/sentinel/connect-cloud-app-security

ianhelle_1-1585767814537.png

 

Azure Activity

https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-activity

ianhelle_1-1585767814537.png

 

Syslog

https://docs.microsoft.com/en-us/azure/sentinel/connect-syslog

ianhelle_1-1585767814537.png

 

CEF (Common Event Format)

https://docs.microsoft.com/en-us/azure/sentinel/connect-common-event-format

ianhelle_1-1585767814537.png

 

 

In the same section as the references in the previous, you can also find instructions on other data sources such as Azure ATP, Windows Firewall, Azure Information Protection, Barracuda, Citrix, F5, ForcePoint, Squandra, Symantec and others.

 

Other Data Sources

Other references on importing log data into Azure Sentinel.

 

Linux Auditd ingestion and monitoring

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/ingesting-auditd-configured-for-pam-tty-sessio...

ianhelle_6-1585767814539.png

 

Best Practices for bringing in Common Event Framework data

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/best-practices-for-common-event-format-cef-col...

ianhelle_6-1585767814539.png

 

Understanding the Log Analytics Agent

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent

ianhelle_1-1585767814537.png

 

Bringing in Proofpoint TAP logs to Azure Sentinel

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/sending-proofpoint-tap-logs-to-azure-sentinel/...

ianhelle_6-1585767814539.png

A

 

Threat Intelligence Data

Threat intelligence data can enhance your ability to detect malicious actions in detections, investigations and hunting.

 

Bring your own Threat Intel

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/bring-your-threat-intelligence-to-azure-sentin...

ianhelle_6-1585767814539.png

 

Deep Dive in Threat Intelligence

https://youtu.be/zfoVe4iarto

ianhelle_4-1585767814538.png

 

 

 

Monitoring Activity

 

Basic information about your workspace is available in the Overview panel. The Incidents pane is also a key view where you can see current unresolved incidents from alerts (see Detections section later in the document).

 

Workbooks

Workbooks are one of the most useful tools in monitoring ongoing operations. Workbooks are a type of interactive and customizable dashboard view that gather multiple views and visualizations of data into a single pane.

They can include queried data from any Azure Sentinel table although are often designed to show multiple facets of one specific data set. You can choose from a variety of workbooks available within Azure Sentinel and a larger selection in the Azure Sentinel GitHub repo.

 

Workbooks

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-monitor-your-data

ianhelle_1-1585767814537.png

 

GitHub available Workbooks

https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks

ianhelle_2-1585767814538.png

 

 

 

Detections

 

Azure Sentinel has many built-in detections. You can supplement these with alerts from your other detection services such as Azure Security Center, Office365 ATP, WDATP and Azure ATP. You can also create your own detection rules or import them from other sources.

 

Enabling Azure Sentinel Detections

These references describe the Azure Sentinel built-in detection rules and some other common detection sources. For building your own custom detection rules see also the articles in the 

Log Queries and the Kusto Query Language section later in the document.

 

Built-in Detections

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-built-in

ianhelle_1-1585767814537.png

 

Custom Analytics

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom

ianhelle_1-1585767814537.png

 

Create Incidents from Alerts

https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts

ianhelle_1-1585767814537.png

 

URL Detonation

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/using-the-new-built-in-url-detonation-in-azure...

ianhelle_6-1585767814539.png

 

Azure Security Center

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/integrating-azure-security-center-with-azure-s...

ianhelle_6-1585767814539.png

 

Office 365 Alerts

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/ingesting-office-365-alerts-with-graph-securit...

ianhelle_6-1585767814539.png

 

Multistage attack detection

https://docs.microsoft.com/en-us/azure/sentinel/fusion

ianhelle_1-1585767814537.png

 

Detection Details and public repository

https://github.com/Azure/Azure-Sentinel/tree/master/Detections

ianhelle_2-1585767814538.png

 

 

External Detection Rule Sources and Providers

You can also integrate with other threat detection services to Sigma rules are a particularly useful source of detection logic. The Proofpoint TAP blog shows a general mechanism for importing alerts from a REST API. This can be used to bring Alerts from many providers into Azure Sentinel. Many of the data providers listed

 

Importing Sigma Rules to Azure Sentinel

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/importing-sigma-rules-to-azure-sentinel/ba-p/6...

ianhelle_6-1585767814539.png

 

Sigma and SOCPrime integration

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/azure-sentinel-sigma-and-soc-prime-integration...

ianhelle_6-1585767814539.png

 

Ingesting AlienVault OTX into Azure Sentinel

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/ingesting-alien-vault-otx-threat-indicators-in...

ianhelle_6-1585767814539.png

A

 

 

Investigations

 

Overview

 

End-to-End SOC scenario

https://www.youtube.com/watch?
v=HloK6Ay4h1M&feature=youtu.be

ianhelle_4-1585767814538.png

 

 

 

Investigation Graph

The investigation graph is the hub around which many investigation tasks pivot. It gives you an interactive graphical view of connected alerts and entities related to a single investigation. You can explore the context of each item in the investigation panel, add related entities and view the timeline of the attack.

 

Investigation Graph

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-investigate-cases

ianhelle_1-1585767814537.png

 

 

Log Queries and the Kusto Query Language

The core of Azure Sentinel is the query engine. Detections, Workbooks, Hunting and Investigation tools are all powered by the Log Analytics query engine. You will need to have some understanding of Kusto in order to ad hoc querying or create new detection alerts.

 

Introduction to Log Query

https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview

ianhelle_1-1585767814537.png

 

Azure Sentinel Correlation – Join operator

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/azure-sentinel-correlation-rules-the-join-kql-...

ianhelle_6-1585767814539.png

 

Azure Sentinel Correlation – make_list/in

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/azure-sentinel-correlation-rules-active-lists-...

ianhelle_6-1585767814539.png

 

Deep dive on correlation Rules

https://youtu.be/pJjljBT4ipQ

ianhelle_4-1585767814538.png

 

KQL Functions

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/using-kql-functions-to-speed-up-analysis-in-az...

ianhelle_6-1585767814539.png

A

KQL Reference

https://docs.microsoft.com/en-us/azure/kusto/query/

ianhelle_1-1585767814537.png

 

Introduction to KQL (Pluralsight)

https://app.pluralsight.com/library/courses/kusto-query-language-kql-from-scratch/table-of-contents

ianhelle_4-1585767814538.png

 

Including external data in your queries

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/implementing-lookups-in-azure-sentinel-part-1-...

ianhelle_6-1585767814539.png

A

 

Workbooks

Using workbooks to show multiple views of related data can help you understand the context of different elements involved in a potential attack. If an attack is confirmed, they can also help you understand the connections and further understand blast radius.

 

Workbooks

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-monitor-your-data

ianhelle_1-1585767814537.png

 

GitHub available Workbooks

https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks

ianhelle_2-1585767814538.png

 

 

Hunting

 

Threat hunting can identify previously undetected malicious activity in your environment. As well as spotting potentially malicious activities. You can use your hunting findings to create detection rules that will alert on these patterns in the future.

 

Threat Hunting and Investigation Techniques

 

General Threat Hunting

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/identifying-threat-hunting-opportunities-in-yo...

ianhelle_6-1585767814539.png

 

Using Bookmarks in hunting

https://docs.microsoft.com/en-us/azure/sentinel/bookmarks

ianhelle_1-1585767814537.png

 

Using Livestream in hunting

https://docs.microsoft.com/en-us/azure/sentinel/livestream

ianhelle_1-1585767814537.png

 

Tracking High Value Accounts

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/azure-sentinel-performing-additional-security-...

ianhelle_6-1585767814539.png

 

Using Time series analysis to detect anomalous patterns

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/time-series-visualization-of-palo-alto-logs-to...

 

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/looking-for-unknown-anomalies-what-is-normal-t...

ianhelle_6-1585767814539.png

A

Identifying Network Beaconing

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/detect-network-beaconing-via-intra-request-tim...

ianhelle_6-1585767814539.png

A

Office 365 specific threat hunting

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/office-365-email-activity-and-data-exfiltratio...

ianhelle_6-1585767814539.png

A

Taking a known breach and looking at your environment - Capital One Breach

Part 1 - https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/hunting-for-capital-one-breach-ttps-in-aws-log...

Part 2 - https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/hunting-for-capital-one-breach-ttps-in-aws-log...

ianhelle_6-1585767814539.png

A

GitHub available Hunting queries

https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries

ianhelle_2-1585767814538.png

 

 

Workbooks

Workbooks can help you easily identify trends, blast radius and identify areas of further investigation.

 

Mapping your users travel

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/how-to-use-azure-sentinel-to-follow-a-users-tr...

ianhelle_6-1585767814539.png

 

Map security events across the globe

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/how-to-use-azure-monitor-workbooks-to-map-sent...

ianhelle_6-1585767814539.png

 

GitHub available Workbooks

https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks

ianhelle_2-1585767814538.png

 

 

Jupyter Notebooks

Jupyter Notebooks for advance investigations allow for extensive customization, bringing in multiple disparate tools and methods available across the cyber security landscape.

 

Getting started with Jupyter Notebooks

https://docs.microsoft.com/en-us/azure/sentinel/notebooks

ianhelle_1-1585767814537.png

 

Using Jupyter notebooks in an investigation

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/what-am-i-looking-at-using-notebooks-to-gain-s...

ianhelle_6-1585767814539.png

A

3 part series on Security Investigations using Jupyter Notebooks

Part 1 - https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/security-investigation-with-azure-sentinel-and...

Part 2 - https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/security-investigation-with-azure-sentinel-and...

Part 3 - https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/security-investigation-with-azure-sentinel-and...

ianhelle_6-1585767814539.png

A

Linux Host Explorer

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/explorer-notebook-series-the-linux-host-explor...

ianhelle_6-1585767814539.png

A

Using Threat Intel in your Jupyter Notebook

https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/using-threat-intelligence-in-your-jupyter-note...

ianhelle_6-1585767814539.png

A

Jupyter Notebook repository

https://github.com/Azure/Azure-Sentinel-Notebooks

ianhelle_2-1585767814538.png

A

MSTICPY – InfoSec defenders Python library for Jupyter Notebooks

https://github.com/Microsoft/msticpy

ianhelle_2-1585767814538.png

A

 

Remediation and Automation

 

Respond to threats automatically using Playbooks to allow for rapid response and blocking of attacks. Playbooks are implemented using Azure Logic Apps. Using them you can create complex workflows involving notifications, requesting approvals, reading from and updating data sources using a variety of services such as Teams, Office 365, Service Now and others.

 

How to run a playbook in Azure Sentinel

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

ianhelle_1-1585767814537.png

 

Playbooks available on GitHub

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks

ianhelle_2-1585767814538.png

 

Azure Logic Apps overview

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview

ianhelle_6-1585767814539.png

 

 

Community Articles and Resources

 

The following table is a list of articles from the Azure Sentinel Community Wiki. New content is being added frequently so be sure to check this location directly.

https://github.com/Azure/Azure-Sentinel/wiki/Community-Publications

 

Title

Author

Type

Making your Azure Sentinel Workbooks multi-tenant (or multi-workspace)

Javier Soriano

blog

Security Monitoring and Detection Tips for your Storage Account – Part 1

Security Monitoring and Detection Tips for your Storage Account – Part 2

Security Monitoring and Detection Tips for your Storage Account – Part 3

Security Monitoring and Detection Tips for your Storage Account – Part 4

Thuan Nguyen

blog

The curious case of SaaS 3rd party into Azure Sentinel

Nathan Swift

blog

KQL Cheat Sheet

Marcus Bakker

CheatSheet

Azure Sentinel: advanced multistage attack detection — real machine learning for the real world

Maarten Goet

blog

Azure Sentinel Design

Adrian Grigorof

Infographics

Azure Sentinel: designing access and authorizations that meet the enterprise needs

Maarten Goet

blog

Azure Sentinel: automating your Use Cases with PowerShell and the #AzSentinel module

Maarten Goet

blog

Derbycon2019-Azure Sentinel A first look at Microsofts SIEM Solution

Carl Hertz

Video

ATT&CKing the Sentinel

Edoardo Gerosa & Olaf Hartong

Slides

Getting started using Microsoft Azure Sentinel Cloud Native SIEM

Chiheb Chebbi

blog

How to onboard Raspberry PI on Azure Sentinel

Antonio Formato

blog

Azure Sentinel: helping your SOC with investigation and hunting

Maarten Goet

blog

Protect yourself against CVE-2019–0708 aka #BlueKeep using Azure Sentinel and Microsoft Defender ATP

Maarten Goet

blog

Using Sysmon in Azure Sentinel

Olaf Hartong

blog

Azure Sentinel — Investigation Preview

Mag1cM0n

blog

The Journey to Azure Sentinel (Deploy Azure Sentinel)

Eli Shlomo

blog

Azure Sentinel — Microsoft Defender ATP: Automatic Advanced Hunting

Antonio Formato

blog

Azure Sentinel SIEM Architecture

Adrian Grigorof

Infographics

Connect Azure Sentinel to a ticketing system using the Microsoft Graph Security API

Azure Vlog-Youtube

Video

Azure Sentinel — MineMeld. Bring Your Own Threat Intelligence feeds

Antonio Formato

blog

Supercharge your PowerShell defenses with Azure Sentinel, MITRE ATT&CK and Sigma

Maarten Goet

blog

Protecting against malicious payloads over DNS using Azure Sentinel

Maarten Goet

blog

Syslog to Azure Sentinel

Irek Romaniuk

blog

Visualize your Azure Sentinel data with Grafana

Maarten Goet

blog

Azure Sentinel: design considerations

Maarten Goet

blog

Azure Sentinel FUSION: machine learning for a SecOps world

Maarten Goet

blog

Microsoft Azure Sentinel: not your daddy’s Splunk

Maarten Goet

blog

Series of experiments with Azure Sentinel Public Preview Part 1 Part 2 Part 3 Part 4 Part 5 Part 6 Part 7 Part 8 Part 9

Adrian Grigorof

blog

 

Other Resources

 

General

 

Azure Sentinel Documentation

https://docs.microsoft.com/en-us/azure/sentinel/

Azure Sentinel Technical Community Blog

https://gorovian.000webhostapp.com/?exam=t5/forums/postpage/board-id/AzureSentinelBlog

 

Azure Sentinel Community Publications

https://github.com/Azure/Azure-Sentinel/wiki/Community-Publications

Security Community Webinars

https://gorovian.000webhostapp.com/?exam=t5/security-privacy-compliance/security-community-webinars/m-p/9...

 

Customer Stories

 

SWC Technology Partners

https://customers.microsoft.com/en-us/story/741469-swctechnologypartners-partnerprofessionalservices...

ASOS

https://customers.microsoft.com/en-us/story/751656-asos-retailer-azure-sentinel

Avanade

https://customers.microsoft.com/en-us/story/751679-avanade-professional-services-azure-sentinel

 

Conclusion

 

We hope that you have found this article a useful guide to documentation and resources for Azure Sentinel. This article is not intended to replace a central document resources like Azure Docs. We will try update this with new and changed resources until something more permanent is in place. We welcome any feedback on additional content to include.

 

Contributions

@ianhelle@shainw@Ajeet76@Pete Bryan

 

3 Comments
Version history
Last update:
‎Apr 06 2020 08:45 AM
Updated by:
www.000webhost.com