Summary
Contoso wanted its SecOps team to investigate security incidents more efficiently.
The SecOps team was spending significant time investigating the high volume of alerts they were receiving from the various products and services used by Contoso.
By using Microsoft Sentinel Analytics, the SecOps team was able to detect and analyze potential threats more effectively. They could create analytics rules that would trigger alerts. The SecOps team was then able to effectively react to the threats based on the triggered alerts.
Before it had Microsoft Sentinel Analytics, the SecOps team couldn't use its time effectively on its other operations because it was spending that time manually correlating and analyzing threats.
In this module, you learned how Microsoft Sentinel Analytics can help SecOps to identify and stop cyberattacks.
Learn more
You can learn more by reviewing the following documents.
Getting started
- Microsoft Sentinel documentation
- Quickstart: On-board Microsoft Sentinel
- Microsoft Sentinel pricing
- Permissions in Microsoft Sentinel
- Tutorial: Visualize and monitor your data
- Quickstart: Get started with Microsoft Sentinel
- What is Azure Lighthouse?
- Extend Microsoft Sentinel across workspaces and tenants
- What is Azure Resource Manager?
- Azure Foundation 4-Week Implementation