Microsoft Sentinel

E730139

Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution on Azure that helps organizations detect, investigate, and respond to threats at scale.


All labels observed (2)

Label Occurrences
Microsoft Sentinel canonical 3
Log Analytics 1

Statements (57)

Predicate Object
instanceOf SIEM platform
SOAR platform
cloud-native security information and event management solution
security orchestration automation and response solution
category cybersecurity product
incident response platform
security monitoring tool
threat detection platform
dataIngestionModel pay-per-GB ingested
deploymentModel cloud-native
developedBy Microsoft
hostPlatform Azure
integratesWith Azure Active Directory
Microsoft 365
Microsoft 365 Defender
Microsoft Defender for Cloud
Microsoft Defender for Endpoint
cloud platforms
endpoint protection platforms
firewalls
identity providers
third-party security solutions
licensingModel consumption-based pricing
partOf Microsoft Azure
provides alerting and notification
case management for incidents
centralized security event analysis
centralized security event collection
dashboards and workbooks for security monitoring
runsOn Microsoft Azure
securityDomain incident management
security operations
threat detection and response
supportsCapability alert correlation
automated incident response
hunting queries
integration with threat intelligence feeds
log analytics
playbook automation
security analytics
security information and event management
security orchestration automation and response
threat detection
threat investigation
threat response
user and entity behavior analytics
supportsEnvironment hybrid cloud environments
multi-cloud environments
on-premises data sources via connectors
targetUser incident responders
security analysts
security operations center teams
threat hunters
usesTechnology Azure Logic Apps
Azure Monitor Logs
Kusto Query Language
machine learning-based analytics

How these facts were elicited

The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.

Instruction
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10.

# Requirements
- If you don't know the subject at all, return an empty list.
- If the subject is not a named entity, return an empty list.
- Include at least one triple where predicate is "instanceOf".
- Do not get too wordy.
- Separate several objects into multiple triples with one object.
Input
Subject: Microsoft Sentinel
Description of subject: Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution on Azure that helps organizations detect, investigate, and respond to threats at scale.

Referenced by (4)

Full triples — surface form annotated when it differs from this entity's canonical label.

Azure Monitor hasComponent Microsoft Sentinel
this entity surface form: Log Analytics