Microsoft Sentinel Readiness Resources

Below you will find content to assist in upskilling on Microsoft Sentinel. Content is organized by increasing levels of complexity (Fundamentals, Associate) followed by other associated critical resources.

Fundamentals

Building a Demo Instance

Use these steps to build a demo instance; it is free for one month.

  1. Microsoft Sentinel Training Lab
    • Initial Setup (“Dummy Data”)
  2. Connect Azure Active Directory (Azure AD) Data to Microsoft Sentinel - Microsoft Docs
  3. Possible Additional Data
    • Microsoft Sentinel To-Go is an open source project developed to expedite the deployment of a Microsoft Sentinel lab, along with other resources, for research purposes (i.e., more “Dummy Data”).
  4. Ingest Sample CEF Data into Sentinel - Microsoft Tech Community
    • Sample Data CEF
  5. Additional Microsoft Sentinel Sample Data
  6. New Ingestion SampleData-as-a-Service Solution - Microsoft Tech Community

Associate

Azure Lighthouse

Build a SOC & Operationalize Security Operations

Agents Resources

KQL

ADX

Notebooks

Migration

Build Solutions & Other Contributions

MDTI (Defender for Threat Intelligence) & Risk IQ Integration

SOAR

Repositories

Fusion

UEBA

Storage options

Costs

Data at No-Cost

Microsoft Sentinel and Log Analytics offer ingestion & 90-day retention of some data at no cost, including:

  • Azure Activity Logs
  • Office 365 Audit Logs (e.g., SharePoint activity, Exchange activity, Teams)
  • Alerts from Microsoft Defender products
  • Azure Information Protection Alerts
  • Microsoft Defender for IoT Alerts

See Plan Costs and Microsoft Sentinel Pricing and Billing - Microsoft Docs for further information.

Other Ways to Save