Introduction

Welcome to Azure Sentinel. This book was developed together with the Azure Sentinel product group to provide in-depth information about Microsoft's new cloud-based security information and event management (SIEM) system, Azure Sentinel, and to demonstrate best practices based on real-life experience with the product in different environments.

The purpose of this book is to introduce the wide array of capabilities available in Azure Sentinel. After being introduced to the main use case scenarios to use Azure Sentinel, you will dig in to see how to deploy and operationalize Azure Sentinel for data collection, analytics, incident management, threat detection, and response.