Microsoft Sentinel
E730139
SIEM platform
SOAR platform
cloud-native security information and event management solution
security orchestration automation and response solution
Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution on Azure that helps organizations detect, investigate, and respond to threats at scale.
All labels observed (2)
| Label | Occurrences |
|---|---|
| Microsoft Sentinel canonical | 3 |
| Log Analytics | 1 |
Statements (57)
| Predicate | Object |
|---|---|
| instanceOf | SIEM platform; SOAR platform; cloud-native security information and event management solution; security orchestration automation and response solution |
| category | cybersecurity product; incident response platform; security monitoring tool; threat detection platform |
| dataIngestionModel | pay-per-GB ingested |
| deploymentModel | cloud-native |
| developedBy | Microsoft |
| hostPlatform | Azure |
| integratesWith | Azure Active Directory; Microsoft 365; Microsoft 365 Defender; Microsoft Defender for Cloud; Microsoft Defender for Endpoint; cloud platforms; endpoint protection platforms; firewalls; identity providers; third-party security solutions |
| licensingModel | consumption-based pricing |
| partOf | Microsoft Azure |
| provides | alerting and notification; case management for incidents; centralized security event analysis; centralized security event collection; dashboards and workbooks for security monitoring |
| runsOn | Microsoft Azure |
| securityDomain | incident management; security operations; threat detection and response |
| supportsCapability | alert correlation; automated incident response; hunting queries; integration with threat intelligence feeds; log analytics; playbook automation; security analytics; security information and event management; security orchestration automation and response; threat detection; threat investigation; threat response; user and entity behavior analytics |
| supportsEnvironment | hybrid cloud environments; multi-cloud environments; on-premises data sources via connectors |
| targetUser | incident responders; security analysts; security operations center teams; threat hunters |
| usesTechnology | Azure Logic Apps; Azure Monitor Logs; Kusto Query Language; machine learning-based analytics |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
Instruction
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries (triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10.

Requirements:
- If you don't know the subject at all, return an empty list.
- If the subject is not a named entity, return an empty list.
- Include at least one triple where predicate is "instanceOf".
- Do not get too wordy.
- Separate several objects into multiple triples with one object.
Input
Subject: Microsoft Sentinel
Description of subject: Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution on Azure that helps organizations detect, investigate, and respond to threats at scale.
Referenced by (4)
Full triples — surface form annotated when it differs from this entity's canonical label.
This entity's surface form: Log Analytics