Microsoft Sentinel documentation

Microsoft Sentinel provides attack detection, threat visibility, proactive hunting, and threat response to help you stop threats before they cause harm.

About Microsoft Sentinel

Overview

  • What is Microsoft Sentinel?
  • Best practices

Get started

Quickstart

  • Onboard Microsoft Sentinel

Deploy

  • Deployment guide
  • Prerequisites
  • Plan costs
  • Find solutions

How-To Guide

  • Install solutions and content

Collect data

Concept

  • Microsoft Sentinel data connectors
  • Data collection best practices
  • Normalizing and parsing data

Tutorial

  • Forward Syslog data to Log Analytics workspace

How-To Guide

  • Create a custom connector
  • Monitor connector health

Reference

  • Find data connectors

Detect threats

Concept

  • MITRE ATT&CK® framework
  • User and entity behavior analytics (UEBA)

Tutorial

  • Detect threats by using analytics rules

How-To Guide

  • Detect threats by using built-in analytics
  • Create custom detection rules

Investigate and respond

Concept

  • Incident investigation and case management
  • Threat hunting
  • Kusto Query Language overview
  • Automation rules
  • Playbooks

Tutorial

  • Investigate with UEBA
  • Respond automatically to threats

How-To Guide

  • Investigate incidents
  • Manage incident workflow with tasks
  • Monitor your data
Your Privacy Choices
  • SH ICP Filing No. 13015306-25
  • PSB Filing No. 31011502002224
  • Privacy
  • Microsoft Azure Operated by 21Vianet
  • © Microsoft 2025