Microsoft Sentinel

E730139

SIEM platform SOAR platform cloud-native security information and event management solution security orchestration automation and response solution

Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution on Azure that helps organizations detect, investigate, and respond to threats at scale.

Jump to: Surface forms Statements Referenced by

Observed surface forms (1)

Surface form	Occurrences
Log Analytics	1

Statements (57)

Predicate	Object
instanceOf	SIEM platform ⓘ SOAR platform ⓘ cloud-native security information and event management solution ⓘ security orchestration automation and response solution ⓘ
category	cybersecurity product ⓘ incident response platform ⓘ security monitoring tool ⓘ threat detection platform ⓘ
dataIngestionModel	pay-per-GB ingested ⓘ
deploymentModel	cloud-native ⓘ
developedBy	Microsoft ⓘ
hostPlatform	Azure NERFINISHED ⓘ
integratesWith	Azure Active Directory NERFINISHED ⓘ Microsoft 365 NERFINISHED ⓘ Microsoft 365 Defender NERFINISHED ⓘ Microsoft Defender for Cloud NERFINISHED ⓘ Microsoft Defender for Endpoint NERFINISHED ⓘ cloud platforms ⓘ endpoint protection platforms ⓘ firewalls ⓘ identity providers ⓘ third-party security solutions ⓘ
licensingModel	consumption-based pricing ⓘ
partOf	Microsoft Azure NERFINISHED ⓘ
provides	alerting and notification ⓘ case management for incidents ⓘ centralized security event analysis ⓘ centralized security event collection ⓘ dashboards and workbooks for security monitoring ⓘ
runsOn	Microsoft Azure NERFINISHED ⓘ
securityDomain	incident management ⓘ security operations ⓘ threat detection and response ⓘ
supportsCapability	alert correlation ⓘ automated incident response ⓘ hunting queries ⓘ integration with threat intelligence feeds ⓘ log analytics ⓘ playbook automation ⓘ security analytics ⓘ security information and event management ⓘ security orchestration automation and response ⓘ threat detection ⓘ threat investigation ⓘ threat response ⓘ user and entity behavior analytics ⓘ
supportsEnvironment	hybrid cloud environments ⓘ multi-cloud environments ⓘ on-premises data sources via connectors ⓘ
targetUser	incident responders ⓘ security analysts ⓘ security operations center teams ⓘ threat hunters ⓘ
usesTechnology	Azure Logic Apps NERFINISHED ⓘ Azure Monitor Logs NERFINISHED ⓘ Kusto Query Language NERFINISHED ⓘ machine learning-based analytics ⓘ

Referenced by (4)

Full triples — surface form annotated when it differs from this entity's canonical label.

Azure Monitor → hasComponent → Microsoft Sentinel ⓘ

this entity surface form: Log Analytics

Microsoft Defender for Cloud Apps → integratesWith → Microsoft Sentinel ⓘ

Microsoft Defender for Endpoint → integratesWith → Microsoft Sentinel ⓘ

Microsoft Defender for Identity → integratesWith → Microsoft Sentinel ⓘ