Microsoft Sentinel
- Data connectors: ingest logs from Azure, M365, third-party, and custom sources.
- Analytic rules: scheduled KQL queries run on an interval; when results exceed the configured threshold, they create alerts that are grouped into incidents.
- Playbooks: Logic Apps triggered by incidents for automated response (SOAR).
- Workbooks: interactive dashboards for security data visualization.
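As an added example (not from the page and not Microsoft's own rule template), the query below is the kind of KQL a scheduled analytics rule would run. It assumes the Microsoft Entra ID connector is feeding the SigninLogs table, and the 10-failure threshold and 1-hour lookback are assumed values to tune per tenant. In the rule definition, the lookback would be matched by the rule's query period, and the UserPrincipalName column would be mapped to the Account entity so the resulting incident carries the affected account.

```kql
// Added example: scheduled analytics rule query for Microsoft Sentinel.
// Flags accounts with many failed sign-ins in the last hour; the 10-failure
// threshold and the 1h window are assumptions to tune for your environment.
SigninLogs
| where TimeGenerated > ago(1h)
| where ResultType != "0"            // ResultType "0" is success; anything else is a failure
| summarize FailedCount = count(),
            DistinctIPs = dcount(IPAddress),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
  by UserPrincipalName
| where FailedCount >= 10            // alert threshold (assumed)
| project UserPrincipalName, FailedCount, DistinctIPs, FirstSeen, LastSeen
| order by FailedCount desc
```

Setting the rule to run every hour with a 1-hour query period keeps each execution looking at a fresh window; a longer period than the frequency would re-alert on the same events, so incident grouping by UserPrincipalName is worth enabling to avoid duplicate incidents.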
Defender for Cloud
- CSPM: continuous assessment and secure score recommendations.
- CWPP: workload protection for VMs, SQL, Storage, Containers, App Service.
- Regulatory compliance: track progress against CIS, NIST, PCI-DSS benchmarks.
- Just-in-time access: reduce attack surface by keeping VM management ports closed by default and opening them only for an approved request, from a specified source, for a limited time.