
When to use Azure Sentinel

Chiugo Okpala
2 min read · Nov 7, 2021


Azure Sentinel is a solution for performing security operations on your cloud and on-premises environments.

Use Azure Sentinel if you want to:

  • Collect event data from various sources.
  • Perform security operations on that data to identify suspicious activity.

Security operations could include:

  • Visualization of log data.
  • Anomaly detection.
  • Threat hunting.
  • Security incident investigation.
  • Automated response to alerts and incidents.

Azure Sentinel offers other capabilities that could help you decide whether it’s the right fit for you:

  • Cloud-native SIEM. There are no servers to provision, so scaling is effortless.
  • Integration with the Azure Logic Apps service and its hundreds of connectors.
  • Benefits of Microsoft research and machine learning.
  • Key log sources provided for free.
  • Support for hybrid cloud and on-premises environments.
  • SIEM and a data lake all in one.

When you began investigating Azure Sentinel, your organization had some clear requirements:

  • Support for data from multiple cloud environments.
  • Features and functionality required for a security operations center (SOC), without too much administrative overhead.


Written by Chiugo Okpala

Cloud Architect || DevOps Engineer || Microsoft Certified Trainer
