Friday, 25 March 2022

Microsoft Sentinel

 

  • A cloud-native SIEM and SOAR solution.
  • It offers a bird's-eye view across your enterprise.
  • Sentinel is an intelligent security analytics and threat intelligence service that provides alert detection, threat visibility, proactive hunting, and threat response.
  • Data connection methods in Sentinel: service-to-service integration, external solutions via API, and external solutions via an agent.
  • Microsoft Sentinel roles: Reader, Responder, and Contributor.

Threat Management

  • Sentinel provides the following features: Collect, Detect, Investigate, and Respond.
  • Quickly gain insights across your data with Azure Sentinel Workbooks.
  • Investigate and resolve possible threats with incidents (groups of related alerts).
  • You can automate tasks and simplify security orchestration using playbooks.
  • Sentinel provides deep investigation tools to find the root cause of a potential security threat.
  • Hunting allows you to find issues in your data.

Pricing

  • Data retention is charged after 90 days.
  • You are charged for the ingested data (per GB).
