20

Microsoft Sentinel Integration

Microsoft Sentinel, previously called Azure Sentinel, is a cloud-based security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platform offered by Microsoft and managed as an Azure resource. You can think of Sentinel as an additional layer for a mature security operations center (SOC), where Microsoft 365 Defender telemetry, alerts, and incidents are combined with those from other services, such as other Microsoft data sources or third-party applications and appliances.

As Sentinel’s use grows, it’s important to understand how it relates to and integrates with Microsoft 365 Defender. So, in this chapter, you’ll learn about the following:

  • The relationship ...

Get Mastering Microsoft 365 Defender now with the O’Reilly learning platform.
