Uploaded on Jun 23, 2022
Microsoft Sentinel and Its Components
www.infosectrain.com | [email protected]
Table of Contents
What is Microsoft Sentinel?
Components of Microsoft Sentinel
Stages of Microsoft Sentinel
What is Microsoft Sentinel?
Microsoft Sentinel was previously known as Azure Sentinel. It is a cloud-based SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) tool used by security operations analysts to gather information from many sources and provide security insights to the corporation. Microsoft Sentinel uses Microsoft threat intelligence and machine learning to detect and investigate threats and suspicious activity quickly. It reacts quickly to any threat or vulnerability it detects and automates security responses to keep your company safe. It combines alert detection, proactive hunting, threat visibility, and threat response in a single solution. Microsoft Sentinel covers all your on-premises servers, devices, applications, and so on.
Components of Microsoft Sentinel
1. Data Connectors: Microsoft Sentinel includes several connectors for Microsoft products that enable real-time connectivity. Built-in connectors let Microsoft Sentinel ingest data from Microsoft products and services, and non-Microsoft products benefit from out-of-the-box connectivity to the larger security ecosystem.
2. Workbooks: Once you have connected data sources to Microsoft Sentinel, you can monitor the data through its integration with Azure Monitor workbooks. Microsoft Sentinel lets you build custom workbooks on your own data and also provides pre-built workbook templates and configurable solutions for visualizing Sentinel data.
3. Analytics: Microsoft Sentinel uses analytics rules to correlate alerts into a potentially high-severity incident and proactively notify security responders. Users can write custom rules in Kusto Query Language (KQL) to generate alerts in Analytics. Various pre-built rules and integrations are available for Microsoft sources such as Cloud App Security and Azure ATP.
4. Playbooks: Playbooks integrate with Microsoft services and existing tools to automate and simplify security orchestration. A playbook is a set of procedures that run in response to a Sentinel alert, built on Azure Logic Apps. Playbooks are designed to automate and simplify operations such as data intake, enrichment, and investigation for SOC engineers and analysts.
5. Community: Community is a Microsoft Sentinel page hosted on GitHub that contains several resources for threat intelligence and automation. Sample hunting queries, playbooks, workbooks, and other resources are available on the Microsoft Sentinel community page. Users can use them to set up alerts and respond to threats in their environments.
6. Workspace: A workspace, also known as a Log Analytics workspace, is a storage area for data and configuration settings. Microsoft Sentinel uses it to store data gathered from multiple sources. You can either create a new workspace for data storage or use an existing one.
7. Dashboard: Microsoft Sentinel has a simple standalone dashboard that lets you visualize data from multiple sources and configure rules in real time, helping the security team better understand the events generated by those services. It has the following characteristics:
• Machine learning
• Rule management
• Resource analysis for a single machine
8. Investigation: The investigation capabilities in Microsoft Sentinel help you determine the scope of a potential security problem and find its root cause. Choose a specific incident to launch an investigation. A case is a compilation of all pertinent evidence relating to a single investigation.
9. Hunting: Hunting covers the manual, proactive investigations that uncover and assess security issues across your organization's data sources before an incident is raised. Microsoft Sentinel features sophisticated hunting search and query tools based on the MITRE ATT&CK framework. KQL (Kusto Query Language) powers Microsoft Sentinel's searching capabilities.
10. Notebooks: Microsoft Sentinel supports Jupyter notebooks in Azure Machine Learning workspaces, which come with a built-in collection of frameworks and modules for machine learning, visualization, and data analysis. A notebook can examine anomalies and look for harmful behavior by providing security views and actions. A notebook is a browser-based application that lets you run live code and visualizations.
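Analytics rules (item 3) and hunting queries (item 9) are both written in KQL against the workspace tables. As an added illustration that is not part of this deck, the following scheduled analytics rule query flags accounts that fail many Microsoft Entra ID sign-ins and then succeed within the lookback window; the SigninLogs table and its columns are the standard schema, while the one-hour window and the threshold of 10 failures are assumed starting points to tune per tenant.

```kql
// Added example: correlate a burst of failed sign-ins with a later success
// for the same account. The window and threshold are assumptions to tune.
let lookback = 1h;
let failureThreshold = 10;
// Failed sign-ins: in SigninLogs a ResultType of "0" means success,
// any other value is an Entra ID error code.
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize FailureCount = count(),
                FailureIPs = make_set(IPAddress, 20),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated)
        by UserPrincipalName;
// Successful sign-ins in the same window
let successes = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project UserPrincipalName, SuccessTime = TimeGenerated, SuccessIP = IPAddress;
failures
| where FailureCount >= failureThreshold
| join kind=inner successes on UserPrincipalName
// Keep only successes that happened after the failure burst
| where SuccessTime > LastFailure
| project UserPrincipalName, FailureCount, FailureIPs,
          FirstFailure, LastFailure, SuccessTime, SuccessIP
// Entity columns so the resulting incident shows the account and source IP
| extend AccountCustomEntity = UserPrincipalName, IPCustomEntity = SuccessIP
```

Saved as a scheduled rule with a one-hour frequency and lookback, each returned row becomes an alert; the same query, minus the entity columns, can be run from the Hunting blade to check the threshold before turning it into a rule.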
Stages of Microsoft Sentinel
1. Data collection at the cloud platform: Microsoft Sentinel is a service that is entirely hosted in the cloud. It is a Log Analytics-based data collection platform that collects data on all users, servers, workstations, devices, apps, and infrastructure, both on-premises and across different clouds. Various connectors available for Microsoft solutions let you connect to other clouds and integrate their data.
2. Detect previously unidentified threats: Microsoft Sentinel uses Microsoft's analytics, machine learning, and unrivaled threat intelligence to identify and analyze previously unknown threats and reduce false positives. Microsoft Sentinel provides built-in templates for creating threat detection rules and automating threat responses right out of the box.
3. Investigate risks with artificial intelligence: Microsoft Sentinel uses artificial intelligence and machine learning to investigate threats and look for suspicious activity at scale. It visualizes the ongoing attack and its consequences, and uses the MITRE framework to reduce noise and surface security issues.
4. Respond rapidly to incidents: With built-in orchestration and automation of common tasks, Microsoft Sentinel reacts quickly to incidents as they occur and responds to address the risks and minimize their impact.
Microsoft Sentinel with InfosecTrain
Microsoft Azure is the second-largest cloud computing platform in the world, and it is rapidly expanding. If you are interested in learning more about Microsoft Sentinel, you can enroll with InfosecTrain. InfosecTrain's Microsoft Sentinel training course covers the fundamentals of Microsoft Sentinel, including its components and functionalities. InfosecTrain is a prominent security and technology training and consulting firm specializing in information security and cloud security services.
About InfosecTrain
• Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
• Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain
• High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain
Our Endorsements
Why InfosecTrain Global Learning Partners
• Certified and Experienced Instructors
• Flexible modes of Training
• Access to the recorded sessions
• Post training completion
• Tailor Made Training
Our Trusted Clients
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK: +44 7451 208413
[email protected]
www.infosectrain.com