
Microsoft Sentinel

Simplify security operations with intelligent security analytics and scale as you grow.
Overview

Modernize your security operations with Microsoft Sentinel

  • Modernize your security operations center (SOC) with Microsoft Sentinel. Uncover sophisticated threats and respond decisively with an intelligent, comprehensive security information and event management (SIEM) solution for proactive threat detection, investigation, and response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs.
  • Focus on finding real threats quickly. Reduce noise from legitimate events with built-in machine learning and knowledge based on analyzing trillions of signals daily. Accelerate proactive threat hunting with prebuilt queries based on years of security experience. View a prioritized list of alerts, get correlated analysis of thousands of security events within seconds, and visualize the entire scope of every attack. Simplify security operations and speed up threat response with integrated automation and orchestration of common tasks and workflows.
  • Detect unknown threats and anomalous behavior of compromised users and insider threats. Get a new level of threat intelligence insight with user and entity profiling that uses peer analysis, machine learning, and Microsoft security expertise. Gain more contextual and behavioral information for threat hunting, investigation, and response using the built-in entity behavioral analytics.
  • Simplify data collection across different sources, including Azure, on-premises solutions, and across clouds using built-in connectors. Connect with data from your Microsoft products in just a few clicks. Import Office 365 audit logs, Azure activity logs, and alerts from Microsoft threat protection solutions for free, and analyze and draw correlations to deepen your intelligence.
Features

Threat detection, investigation, and response

Data collection

Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.

Threat detection

Detect previously undetected threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft.

AI-powered investigation

Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft.

Rapid response

Respond to incidents rapidly with built-in orchestration and automation of common tasks.

Built-in security and compliance 

Microsoft has committed to investing $20 billion in cybersecurity over five years.
We employ more than 8,500 security and threat intelligence experts across 77 countries.
Azure has one of the largest compliance certification portfolios in the industry.
Pricing

A cost-effective, cloud-native SIEM with predictable billing and flexible commitments

Reduce infrastructure costs by automatically scaling resources and only paying for what you use. Save up to 60% compared to pay-as-you-go pricing with capacity reservation tiers. Receive predictable monthly bills and the flexibility to change your capacity tier commitment every 31 days. Pay nothing extra when you ingest data from Office 365 audit logs, Azure activity logs, and alerts from Microsoft threat protection solutions.
Customer stories

Trusted by companies of all sizes

FAQ

  • Microsoft Sentinel is a cloud-native security information and event management (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise—fast. Microsoft Sentinel aggregates data from all sources, including users, applications, servers, and devices running on premises or in any cloud, letting you reason over millions of records in a few seconds. It includes built-in connectors for easy onboarding of popular security solutions. Collect data from any source with support for open standard formats like Common Event Format (CEF) and Syslog.
  • Yes, Microsoft Sentinel is built on the Azure platform. It provides a fully integrated experience in the Azure portal to augment your existing services, such as Microsoft Defender for Cloud and Azure Machine Learning. Create your Azure free account to get started.
  • Microsoft Sentinel integrates with many enterprise tools, including best-of-breed security products, homegrown tools, and other systems like ServiceNow. It provides an extensible architecture to support custom collectors through REST API and advanced queries. It enables you to bring your own insights, tailored detections, machine learning models, and threat intelligence.