March 2022
Beginner
452 pages
8h 59m
English
The previous chapter covered how to analyze, review, and investigate our logs and events to protect against risky sign-ins and elevated-risk users. This included creating reports and reviewing insights for user activity to recognize potential vulnerabilities and alert on possible threats. In this chapter, we will discuss how to integrate these logs with Microsoft Sentinel or a third-party security information and event management (SIEM) solution. This includes how to use Log Analytics with Kusto queries to review activity in Microsoft Sentinel.
In this chapter, we're going to cover the following main topics: