Author : HASSAN MD TAREQ | Updated : 2022/02/17
Create custom KQL query or load pre-defined queries.
Microsoft Sentinel incidents are containers of threats in your organization – alerts, entities and any additional related evidence. An incident is created based on alerts that you have defined in the security analytics page.
Interactive reports based on data coming into Sentinel.
Proactively hunt for security threats.
Jupyter notebooks allow you to supercharge your threat hunting and investigation by enabling documents that contain live code, visualizations, and narrative text.
Entity Behavior Analytics: search for account and host entities.
Cyber threat intelligence (CTI) within Azure Sentinel, by tagging existing data as well as generating new CTI directly inside Sentinel.
Centrally discover, install, enable and manage out-of-the-box content and solutions for Microsoft Sentinel.
Helps automate the deployment and management of your Microsoft Sentinel content through central repositories.
Community-driven content, contributions, forum, links, etc.
Connect Microsoft and non-Microsoft services/resources.
Craft and enable analytics rules, either out-of-the-box or customized.
Collection of data from external data sources for correlation against the events in your Microsoft Sentinel environment.
Centrally manage the automation of incident handling, simplifying complex workflows for incident orchestration processes.
Pricing plan and other settings.