Author : MD TAREQ HASSAN | Updated : 2022/02/17
Logs
Create custom KQL queries or load predefined queries.
Incidents
Microsoft Sentinel incidents are containers of threats in your organization – alerts, entities and any additional related evidence. An incident is created based on alerts that you have defined in the security analytics page.
Workbooks
Interactive reports based on data coming into Sentinel.
Hunting
Proactively hunt for security threats.
Notebooks
Jupyter notebooks allow you to supercharge your threat hunting and investigation by enabling documents that contain live code, visualizations, and narrative text.
Entity Behavior
Entity behavior analytics search: search for account and host entities.
Threat Intelligence
Cyber threat intelligence (CTI) within Azure Sentinel, through tagging existing data as well as generating new CTI directly inside of Sentinel.
Content Hub
Centrally discover, install, enable and manage out-of-the-box content and solutions for Microsoft Sentinel.
Repositories
Helps to automate the deployment and management of your Microsoft Sentinel content through central repositories.
Community
Community-driven content, contributions, forum, links, etc.
Data Connectors
Connect Microsoft and non-Microsoft services and resources.
Analytics
Craft and enable analytics rules, either out-of-the-box or customized.
Watchlist
Collection of data from external data sources for correlation against the events in your Microsoft Sentinel environment.
Automation
Centrally manage the automation of incident handling, simplifying complex workflows for incident orchestration processes.
Settings
Pricing plan and other settings.