---
title: Useful resources when working with Microsoft Sentinel
description: This document provides you with a list of useful resources when working with Microsoft Sentinel.
author: yelevin
ms.topic: conceptual
ms.date: 11/09/2021
ms.author: yelevin
ms.custom: ignite-fall-2021
---
This article lists resources that can help you get more information about working with Microsoft Sentinel.
Microsoft Sentinel uses Azure Monitor Log Analytics's Kusto Query Language (KQL) to build queries. For more information, see:
- Kusto Query Language in Microsoft Sentinel
- Useful resources for working with Kusto Query Language in Microsoft Sentinel
The Azure Active Directory Security Operations Guide includes specific guidance and knowledge about the data that's important to monitor for security purposes, across several operational areas.
In each article, check for sections named "Things to monitor" for lists of events that we recommend alerting on and investigating, as well as analytics rule templates that you can deploy directly to Microsoft Sentinel.
Create automation in Microsoft Sentinel using Azure Logic Apps, with a growing gallery of built-in playbooks.
For more information, see Azure Logic Apps connectors.
The following table describes the differences between playbooks, workbooks, and notebooks in Microsoft Sentinel:

| Category | Playbooks | Workbooks | Notebooks |
|---|---|---|---|
| Personas | | | |
| Uses | Automation of simple, repeatable tasks | | |
| Advantages | | | |
| Challenges | | | |
| More information | Automate threat response with playbooks in Microsoft Sentinel | Visualize collected data | Use Jupyter notebooks to hunt for security threats |
We love hearing from our users in the TechCommunity space for Microsoft Sentinel.
You can also send suggestions for improvements via our User Voice program.
The Microsoft Sentinel GitHub repository is a powerful resource for threat detection and automation.
Our Microsoft security analysts constantly create and add new workbooks, playbooks, hunting queries, and more, posting them to the community for you to use in your environment.
Download sample content from the private community GitHub repository to create custom workbooks, hunting queries, notebooks, and playbooks for Microsoft Sentinel.
- Get certified!
- Read customer use case stories